Spam and phishing emails

If you, or anyone in your department, fall for a phishing scam:

1. Report to your bank immediately if any bank details are involved

2. Change your University account password

3. Contact the IT Support, who will:

• Help you make sure your account is fully secured
• Provide advice specific to the particular compromise
• Track down other users who may have been affected

4. Follow our advice to protect your account:

• What to do if your account is compromised/hacked

Sometimes scammers target members of the University, either with specific details, or by pretending to be IT Services or other departments.

For example:

• Email messages appearing to be from IT Services, asking for your username and password, and saying that your email account will be closed if you don't reply.
• Some students have received emails appearing to be from the Student Loans Company.
• Some staff have received very targeted emails which address them using their name, and which refer to their academic or professional interests - for example, referring to papers that they've written. These messages include links which purportedly allow them to view useful information or submit new papers. The links request a username and password.
• Compromised accounts are often then used to send spam emails. If you're sent an email, it may not be from the person it appears to be from
• We've also seen Google forms used in phishing attempts, and you're reminded never to submit personal details like your password via a Google form (or other form service).

Always be wary of unexpected emails, no matter how genuine they seem.

York account accessed

We have seen cases where people have typed in their University username and password into a phishing site, and then discovered that someone had accessed their Google Mail account and set up their email to be forwarded elsewhere.

Other people have found that all of their email messages have been deleted.

Bank account accessed

At the University, we have seen instances where:

• students have received emails pretending to be from the Student Loan Company
• staff have received emails about tax refunds.

In both cases, members of the University were taken in by the messages, and provided details including bank account numbers and online banking passwords.

Giving this information can result in you losing control of your bank account.

Identity theft

Identity theft happens when someone has enough information about your identity (such as your name, date of birth, current or previous addresses) to commit identity fraud. 

Identity fraud can have a direct impact on your personal finances and could also make it difficult for you to obtain loans, credit cards or a mortgage until the matter is resolved.

Fraudsters can use your identity details to:

• Open bank accounts.
• Obtain credit cards and loans
• Order goods in your name
• Take over your existing accounts
• Take out mobile phone contracts
• Obtain documents such as passports and driving licences in your name

Do not respond to a request to send your password via email. The message should simply be deleted.

You should always check the validity of a site before entering your details.

University of York sites asking for your username and password will password will generally begin one of the following:

• https://www.york.ac.uk
• https://shib.york.ac.uk
• https://deptname.york.ac.uk
• https://www.deptname.york.ac.uk
• https://www.yusu.org (York Students' Union site)

Web pages which don't include www.york.ac.uk at the start of the url - for example 'https://www.yorkit.com/www.york.ac.uk/login/', or don't include it at all, are unlikely to be genuine.

Do I need to contact the Library & IT Help Desk?

If you are unsure whether a page asking for your University username and password is genuine, please contact your DCO or the IT Support for advice.

There are always exceptions, for example the ComplyWise service used for online Health and Safety training - it's ok to check if you're not sure.

If a phishing message that you've received looks particularly convincing, please forward it to itsupport@york.ac.uk, as we may be able to trace other University members who have unknowingly been caught out by it.

Google Mail's spam service stops most spam, phishing and other scam email from reaching your inbox.

However, because spammers constantly change the messages they are sending, and the email addresses that they send from, the first few messages sent in any run will often get through.

If Google become aware that an account may have been compromised, they will suspend it and alert IT Services.