How to contact us

 

Email: imt.infosec@lse.ac.uk

Phone: +44 (0) 20 7107 5000

Extension: 5000

Location: S86, St Clements Building

Phishing: Don't Get Caught!

Introduction

There are many threats facing those who use email. The techniques for creating deceptive e-mail messages are designed to fool users into giving away personal information which can then be used to compromise your network account, perpetrate identity theft or compromise your financial accounts. Being aware of the different threats and learning some simple ways of identifying fake emails can help you to stay safe when using email.


Types of malicious emails

Scams: Intentional deceptions made for gain, or to cause damage through email. For example: “You are a winner of our £1,000,000 lottery fund! Click here to claim your reward.”

Spam: Also known as junk email, designed to trick you into thinking their message is worth reading. For example: "Great value medical store!"

Hoax: Warnings about a non-existent threat, or an offer that sounds too good to be true. For example: "Your LSE account will be deactivated in 24 hours unless you confirm your email address and password."

Phishing: Pronounced ‘fishing’. Phishing emails try to entice you into disclosing personal information, such as your username, password or bank account details. For example: "You have been given a tax refund. To help us process your payment, please click here and enter your name, address, phone number and bank details."

Spoofing: When the sender address of an email has been altered to hide its true origin. This is used by virus and spam authors to make their emails look legitimate and lure people into clicking on links or downloading attachments. For example: The email looks as if it is from one address, but hovering over it reveals a different address.

Falling victim to these malicious emails and clicking links, downloading attachments or replying with your personal information may mean that your information will be stolen and used without your knowledge or consent.


What to look for

Malicious emails are designed to try and fool you into thinking they are legitimate. However, there are some key things you can look out for that act as warning signs of scams or phishing attempts.

  • Requests for personal information, such as postal address, account password, bank details
  • Generic greetings such as ‘Dear member’ or ‘Dear user’
  • The use of subject lines designed to trick you into thinking you know the sender
  • Short, vague or odd-sounding messages with an attachment
  • The email wants you to download an attachment that you weren’t expecting
  • Urgent wording, mentions of deadlines for certain actions
  • Promises that sound too good to be true
  • Vague or inaccurate signatures e.g. Head of LSE, Director of Computing Services at LSE
  • Emails with poor spelling and grammar

If you are ever in doubt about the legitimacy of an email, contact the IT Service Desk: it.servicedesk@lse.ac.uk (Staff and PGRs) or the IT Help Desk: it.helpdesk@lse.ac.uk (Taught Students).


Top tips

As well as being aware of the warning signs of a phishing email, there are some simple precautions you can take to protect yourself from being scammed.

  • Be cautious of any attachments – do not open them unless you know they are coming in advance
  • Do not reply to or click any links in the email message if you are unsure where it has come from – you will only be confirming to the unknown sender that your email address is a valid one
  • If the email contains links, hover over them (do not click) with your mouse. Does the preview URL that appears match the URL in the email text? If it doesn’t, you may have found a phish
  • Check URLs closely – at first glance it may seem like a well-known company but further inspection may reveal slight alterations or misspellings
  • Use anti-spam solutions or junk email filters to reduce the number of spam emails you receive
  • Install and enable Antivirus on your devices, and keep it updated
  • Install and enable personal firewall software. This is often a pre-installed feature which needs to be enabled
  • Apply the latest security patches or hot-fixes
  • Check the legitimacy of something before you download it. Only download content from websites you trust.
  • Avoid obvious passwords like date of birth, and never share your password with anyone. See our advice for choosing a strong password.
  • If in doubt, contact the IT Service Desk: it.servicedesk@lse.ac.uk (Staff and PGRs) or the IT Help Desk: it.helpdesk@lse.ac.uk (Taught Students).
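The hover check from the tips above and the spoofed-sender sign described under "Types of malicious emails" can both be automated when triaging a reported message. The following is an added example, not part of the original guidance or any LSE tooling; the sample message, the `example.*` hosts and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample message (not a real email); the example.* hosts are placeholders.
RAW = """\
From: "it.servicedesk@lse.ac.uk" <helpdesk@mail.example>
Subject: Your account will be deactivated in 24 hours
Content-Type: text/html; charset="utf-8"

<p>Dear user, confirm at <a href="http://login.example.net/lse">www.lse.ac.uk/confirm</a>.
See the <a href="https://www.lse.ac.uk/">LSE home page</a>.</p>
"""
URLISH = r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?"  # link text that itself looks like a URL

class Links(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):  # hostname of a URL or bare domain, without a leading "www."
    host = urlparse(url if "://" in url else "//" + url).hostname or ""
    return host[4:] if host.startswith("www.") else host

def check_message(raw):
    msg, findings = message_from_string(raw, policy=default), []
    for addr in msg["From"].addresses:  # spoofing: display name shows another address
        for shown in re.findall(r"[\w.+-]+@[\w.-]+", addr.display_name or ""):
            if shown.lower() != addr.addr_spec.lower():
                findings.append(("from-spoof", shown, addr.addr_spec))
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        parser = Links()
        parser.feed(body.get_content())
        for href, text in parser.links:  # hover test: displayed URL vs real target
            if re.fullmatch(URLISH, text, re.I) and host_of(text) != host_of(href):
                findings.append(("link-mismatch", host_of(text), host_of(href)))
    return findings
```

Calling `check_message(RAW)` reports the forged display name and the link whose visible text names one host while pointing to another; the plain "LSE home page" link is not flagged because its text is not a URL.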


Contact IMT

IT Service Desk (Staff and PGRs)
Email: it.servicedesk@lse.ac.uk
Phone: 020 7107 5000

IT Help Desk (Taught students)
Email: it.helpdesk@lse.ac.uk
Phone: 020 7955 6728

Please contact IMT immediately if:

  • You have reason to believe that your account has been compromised
  • You are in doubt concerning the legitimacy of an email
  • You would like to report a spam email

IMT will never email you asking you to confirm or change your password.

Reporting a spam email

To report a spam or phishing email to IMT, please contact it.servicedesk@lse.ac.uk first to make the IT Service Desk aware of the issue. You will then be asked by the Service Desk technician to forward the suspected malicious email as an attachment to the Information Security team for further investigation.

In order for the Information Security team to effectively investigate malicious emails, you must send the full email including the header. The instructions below are for use in Outlook 2010.

To forward an email as an attachment:

  1. Open the message you wish to report to IMT.
  2. Click the More dropdown on the ribbon in the Respond group and choose Forward as an attachment.
  3. You can then compose the rest of your message and press Send in the usual way.


To insert an email as an attachment in a new message:

  1. Open a new email and click the Attach item button on the ribbon, in the Include group.
  2. Choose the message you wish to report to IMT.
  3. Click Insert as attachment | OK
  4. You can then compose the rest of your message and press Send in the usual way.


Useful links

There is a wealth of online resources for identifying and combating spam and phishing attempts.
