Posted on 18 September 2023
To protect yourself and your personal information, you need to be able to spot phishing messages and other scams.
Spam: unwanted, junk email, typically sent to large numbers of people, for the purposes of advertising, phishing, spreading malware, etc.
Phishing: fake email messages that claim to be from an organisation that you may trust (eg universities or banks). Often ask you to provide your personal details by replying or clicking a link. They may suggest you'll lose your account if you don't do so.
Your username and password are vital pieces of your University identity - you need to keep them safe. Never share your password, if anyone else does know it you need to change your password.
We all think we won’t be caught out, but every year IT Services have to lock accounts when students or staff fall victim to scams. Try out this quiz to see how good you are at identifying the fake emails:
Scam emails vary greatly, look out for all of the following but bear in mind that a phishing attempt may only feature one or two of these signs:
Do not respond to a request to send your password via email. The message should simply be deleted.
Before you login or enter your details, make sure you’re on the right website. Phishers can make convincing copies of other people’s websites, so you should always check the URL at the top of the page.
If you are unsure whether a page asking for your University username and password is genuine, please contact your DCO or IT Support.
If a phishing message that you've received looks particularly convincing, please forward it to itsupport@york.ac.uk who may be able to trace other University members who have been caught out by it.
There’s even more advice from IT Services, including tips for spotting genuine University websites, at:
If IT Services suspect your account has been compromised in any way, they will lock/disable your account until they have spoken with you and made sure that it is secure. If you are unable to log in please contact IT Support.
If you, or your friends, fall for a phishing scam: