BEEN SCAMMED ONLINE?

Victims of fraud or cyber crime should report the crime to Action Fraud at www.actionfraud.police.uk or by calling 0300 123 2040.

You can also report email, SMS and phone call scammers to the National Cyber Security Centre (NCSC).
Learn more: https://www.ncsc.gov.uk/collection/phishing-scams


EMAIL PHISHING ATTACKS

WHAT IS “PHISHING”?
Here is an extract from Wikipedia (line breaks added to make it easier to read online):

[ BEGINS ]
“Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.

Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public.

Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies.

Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.”
[ ENDS ]

Phishing attacks can be very sophisticated and will get harder to spot as time goes on – so be on your guard.

PHISHING TIPS 
a. Beware fake emails and websites trying to steal your passwords and personal information.
b. Does the message demand money, such as a fine, an unpaid bill, or the purchase of gift cards for a client or colleague?
c. Is the message putting pressure on you to act immediately?
d. Does the message ask you not to tell anyone, perhaps because it is a surprise or it is embarrassing?
e. Do not engage with the scammer – even if you know it is a scam.
f. Responding to a phishing attack confirms to the attackers that their method works, and they will try more sophisticated messages. Your account may be abused and cause you untold problems.
g. Never reveal your password to anyone, not even IT staff.
h. Use some common sense.
i. If you are unsure, do not be afraid to ask for help.

CAUGHT IN A TANGLE? – NEED HELP?
You can always email the IT Office at any time or come and see us during office hours to discuss matters like phishing. We would rather answer the same question ten times than have to clean up an avoidable mess.

Learn more about phishing – https://infosec.ox.ac.uk/phishing

WANT TO HELP TACKLE THE PROBLEM? – LEARN MORE
If you get an email which asks you to provide your personal information and you believe that it is bogus, we encourage you to forward the message, together with the message’s Full Headers, to IT Services – phishing@infosec.ox.ac.uk

WHAT TO DO IF YOU GAVE THEM YOUR PASSWORD
Users who have actually been phished (i.e. disclosed their Oxford credentials) must treat this as a security incident.

  • Change your password immediately
  • Change any account passwords that use your Oxford account for password recovery
  • If you gave away your Oxford password then you must report it as an incident by email to oxcert@infosec.ox.ac.uk
  • Contact your local IT Support

What you can do to help:
http://help.it.ox.ac.uk/email/phishing/index#howtohelp

How to view full headers of an email:
http://help.it.ox.ac.uk/email/headers/index

More information about Phishing attacks can be found here:
http://help.it.ox.ac.uk/email/phishing/index


PHISHING QUIZ

THINK YOU CAN OUTSMART AN INTERNET SCAMMER?
Can you tell the difference between a legitimate website and one that’s a phishing attempt? Take this quiz from OpenDNS to find out:
http://www.opendns.com/phishing-quiz/