Credential phishing scams: know the signs

To support safer use of technology, the Information Technology Services (ITS) team will report each month on important cyber security issues and threats. This month, we’re talking about credential phishing – what it looks like, and how you can avoid it.

Phishing occurs when a cyber-criminal uses emails to trick recipients into sharing their personal information, usually via a fraudulent website that appears legitimate. Phishing emails are sent from either a forged email address, or a legitimate email address that has been compromised.

Credential phishing specifically targets your login details, and the most common victims are public agencies – universities, government departments and large businesses. Credential phishing emails usually ask you to log in to known sites such as Office 365, OneDrive, LinkedIn and DocuScan.

In a credential phishing scam, the aim isn’t necessarily to gain access to the University network. Once a cyber-criminal obtains your credentials, they can use these to scam others within the organisation, or move throughout business systems to obtain more sensitive information.

While email security defences can filter malicious emails, cyber-criminals are always working on new ways to bypass security systems. The best defence against credential phishing is to remain vigilant and look out for the following warning signs:

  • Suspicious links: Always hover over a hyperlink before you click it – is the URL that appears different from the one shown in the email? Does it match the URL usually provided by the organisation?
  • Urgent language: E.g. “Your account will be suspended if you don’t log in within 24 hours.”
  • Requests for login details or credentials, such as name and date of birth.

If you feel you have been affected by credential phishing, please contact IT Support immediately.

ITS thanks you for your efforts in supporting the University’s stance against cybercrime, and we encourage you to continue reporting suspicious emails and requesting advice on suspicious links. Remember, cyber security is everyone’s responsibility.