![University of Exeter](/v8media/global/images/UOE-green.svg")
Phishing
Phishing is a cyber attack which tries to get your username/password or other vital information, to scam money, or to plant viruses. It’s the most frequent form of cyber attack at the University of Exeter, so it’s essential to know how to identify and report phishing attacks.
Identifying Phishing Emails
Check the sender's address. Don't trust the display name as this is usually changed to appear legitimate. When checking emails on a mobile device, always tap on the display name to reveal the sender's address. Ask: would this person contact me from this address?
Check who the email is sent to. Look out for emails sent to 'undisclosed recipients' or to the sender's name, both indicate that you're in the BCC field. Also look at who else the email is addressed to. Ask: if this is really for me why is it addressed like that?
Check the content. Poor spelling, grammar and formatting can be indicators that the email is phishing. The use of emotionally-triggering language to create urgency is very common. Look at the subject line, the salutation, the body of the email, and the signature for signs of the above. Sometimes there's no content at all, only a subject line. Ask: would this person send an email that looks like this?
Check the links. Before clicking on any links, hover the mouse over them to see where they go. Ask: does the target URL look genuine?
Check the attachments. Look at the filename and the file extension. Rather than opening the file, download it and run an antivirus scan on it first. Ask: were you expecting this file, does it look genuine, did the scan come back clean?
Reporting Phishing
If a suspicious email needs urgent attention please forward it to itsecurity@exeter.ac.uk, otherwise please use the reporting options described below.
Outlook (legacy)
Ensure the message is selected in Outlook, then from the toolbar choose Report Message as shown:
Select either Junk or Phishing as appropriate; you will see the following message, highlighted in red below, display for a few seconds at the top of the email.
The email will be moved to your Deleted Items folder and flagged to IT Security Operations for further investigation.
Outlook (new or browser)
If you are using the most recent version of Outlook (or Outlook in a web browser), please follow the below steps to report a Phishing email.
Ensure the email is selected and choose Report from the ribbon as shown below.
The following message will display.
​â¶Ä‹â¶Ä‹â¶Ä‹â¶Ä‹â¶Ä‹C±ô¾±³¦°ì&²Ô²ú²õ±è;Report, and then OK on the subsequent message; the email will be moved to your Deleted Items folder and flagged to IT Security Operations for further investigation.
Outlook on Android
If you are using Outlook on your Android device please use the following steps.
Select the message and tap on the ellipsis (â‹®) at the top of the screen.
Choose Report phishing.
The email will be moved to your Deleted Items folder and flagged to IT Security Operations for further investigation.
Outlook on iOS
If you are using Outlook on your iOS device please use the following steps.
Select the message and tap on the ellipsis (...) at the top of the screen.
Choose Report Message.
Select Report as phishing.
The email will be moved to your Deleted Items folder and flagged to IT Security Operations for further investigation.
Further Information
Further information about phishing can be found on our , including the results of our and examples of received at the university.