Fraud isn't just for Christmas

Fraud isn't just for Christmas. Scams, phishing emails and fraud happen all year round and can have devastating consequences, both emotionally and financially, for those who become a victim. 

80% of fraud takes place online. The Home Affairs Committee's new inquiry on fraud is examining 'how effective Government and law 

enforcement agencies are at identifying and combating existing and emerging forms of fraud'.

Technology companies should be doing more to identify and combat spam emails to prevent its customers from becoming victims of fraud. 

Here at the University, Oxford's Computer Emergency Response Team (OxCERT) is doing what technology companies should be, by using software that intercepts 80% of spam and phishing emails before they even arrive in your inbox.  

The 20% of emails that do end up in your inbox are often reported to OxCERT by phishing@infosec.ox.ac.uk, which are then ticketed and triaged by our team.  

Reporting early is important, even if you haven’t shared any personal information or clicked on any links. This allows the Information Security team to identify threat patterns, which then means you can receive up to date cyber security advice and communications. 

What can you do? 

• Pause, stop and think before responding to any unexpected request, particularly when an email is asking for your information or money, or for you to do them a favour 
• Take some time to think about what you’re looking at, checking the email address, checking the name, even getting in touch with the organisation or person that the email is purportedly from, can be enough to guard yourself against a problem
• Urgency is a tactic usually employed by cyber criminals. Are you told you only have a limited time to respond? Does the sender keep sending messages asking you to make contact? These are signs that you’ve targeted by a phishing email
• Keep up to date with your Information Security and Data Privacy training. This is the best way to keep yourself cyber aware!

For the first time, we are sharing some examples of phishing and scam emails that you have reported to OxCERT each day. These emails range from phishing emails to gift card scams to payment redirection emails. As you can see, each email requires the recipient to act urgently. The email also comes from a suspicious email address that doesn't match the senders name or signature. Remember, the next time you receive a suspicious email, use our checklist to keep yourself safe. 

We want to foster a no-blame culture at Oxford whilst also empowering our staff and students to be cyber aware. If you do become a victim of scam by cyber criminals whilst at work, please report the incident as soon as possible.