It has become apparent that in the last few weeks there has been a sector wide increase in the number of 'phishing' emails that have been sent to Students in an attempt to trick students out of their money.
The information provided in this email is intended to educate you on the issue, as well as provide information on how to identify and respond to these phishing campaigns.
What is 'phishing'?
Phishing is a means of 'cyber attack' using social engineering, that typically takes the form of fraudulent emails designed to acquire sensitive or valuable information. Additional information is available on the ActionFraud website.
What is the intention of these emails?
In the case of those phishing emails recently reported, recipients are being prompted to make early payments in exchange for a significant discount to their tuition fees.
The recipient is asked to reply to the fraudsters with personal and financial information for the purpose of paying these fees.
How do we identify these phishing emails?
There are generally some easy ways of identifying a fraudulent phishing email:
1. It is possible to 'spoof' the name associated with the email account and while the email may appear to come from a member of Ravensbourne staff at first glance the sender (From) address will not display an official @rave.ac.uk email address.
2. The message content will generally be poorly written, demonstrating bad grammar and typographic errors.
3. Rather than merely advertising a discount, the message may portray a sense of urgency in an attempt to force the recipient into an impulsive action.
4. The email may provide payment instructions for a financial institution not used by Ravensbourne (i.e. TSB Bank).
5. The email may not be signed by an individual, instead using a generic name such as 'finance team' or 'admissions department'.
6. The email may contain hyperlinks to a web site or other external source.
What do we do if we receive, or are made aware of, these phishing emails?
The following actions should be taken if you receive, or are made aware of a Phishing email:
- Do not reply directly to any emails that you are suspicious of.
- Contact firstname.lastname@example.org if you are unsure of it authenticity.
- If you have accidentally clicked on a link within a phishing email, or sent information to a recipient that you have subsequently identified as being fraudulent, contact IT Services immediately (email@example.com)
Thank you for taking the time to read through this information. If you are ever in any doubt, please do not hesitate to ask contact firstname.lastname@example.org for advice.