Email phishing is a large-scale problem. A phishing email may ask you for money and/or information. If you give money, it is likely lost, and if you provide information, you could be putting yourself and others at greater risk of fraud and a security breach.
A staggering 62,463,699 emails sent to University email addresses in May 2023 were blocked by the email security gateway as potential phishing. This represented 82% of all email traffic during that month. With increasing reliance on new technologies and more automation, it becomes more and more difficult to spot the undercover person or malware trying to breach our security.
A member of the University of Oxford recalls a near-miss:
‘I got caught out and sent an initial reply to an email that I received, which was in the name of my manager, before I realised it was a phishing email. Fortunately, I stopped the communication after checking the sender address, and before I provided any personal information or transferred money. I am extra careful now and regularly check the sender address of my emails, before responding.’
The best way to prevent falling for a phishing email is to pause, stop and think before responding to any unexpected request, particularly when an email is asking for your information or money, or to click on something. Taking some time to think about what you’re looking at, checking the email address, checking the name, even getting in touch with the organisation or person that the email is purportedly from, can be enough to guard yourself against a problem. It is best to investigate a little further and then decide what action to take.
If you do think you’ve been compromised, stop communication and do not send more money or information. Report the incident to OxCERT and speak to your local IT support team for practical help. Always change your passwords if you think there could be an issue.
It is not your fault; some phishing emails can be very convincing.