Online scamming has developed into a sophisticated business with criminals using clever tactics to trick people.
Primary page content
When entering any personal information into a website check:
- It displays the padlock symbol in the address bar (https, not http). The padlock signifies that the data will be encrypted
- You arrived at the website through a route you can trust, for example a link on gold.ac.uk or the official website of the company you are dealing with
- Check links by hovering the cursor over the link to see the details of the web address you are about to go to. Avoid any link that looks different to the name of website
Be especially wary of attachments in emails as these could be virus files that infect your computer. If you wouldn’t expect to receive a file from the person who sent you the email don’t open it. Businesses rarely send out files to their customers.
You can check URLs at Google’s transparency report.
Phishing is a scam where criminals typically send emails that pretend to come from banks, credit card companies, online shops and other trusted organisations. Some criminals have tried to impersonate Goldsmiths.
They usually try to trick you into going to a website, for example to update your password to avoid your account being suspended. The embedded link in the email itself goes to a website that looks exactly like the real thing but is actually a fake designed to trick victims into entering personal information.
Ways to spot a phishing email include:
- Read your emails carefully. Does what they are asking you to do make sense? If it seems suspicious, it most likely is
- It begins with ‘Dear’ but does not use your name, and perhaps calls you a ‘valued customer’ or ‘user’
- The email claims to be urgent, or threatens to close your account if you don’t reply
- The sender’s email address does not match the domain it should be coming from. An email from a Goldsmiths member of staff for example, should end in @gold.ac.uk. If it does not, do not trust it
- Links in the message do not match the domain of the sender
- The message is poorly written, with incorrect spelling or grammar. This is especially a giveaway when the message is received from a sender masquerading as a trusted or reliable organisation
- The email signature looks strange
Give yourself five minutes to think before responding to emails.
If you receive any phishing or suspicious emails to your @gold.ac.uk email send them as an attachment (rather than forwarding) to email@example.com. You can also report them within Outlook by clicking 'Report Message' and selecting Phishing.
Ransomware and malware
Ransomware is a form of malware that gives criminals the ability to lock a computer from a remote location – then displays a pop-up window informing the owner that it will not be unlocked until a sum of money is paid.
- Do not reply to or click on links contained in unsolicited or spam emails from companies or individuals you do not recognise
- Visit only websites you know to be reputable
- Always install updates to software and apps – including operating systems – as soon as prompted
- Ensure you have effective and updated antivirus/antispyware software
- Regularly back up all your data
Report suspicious emails and activity to the IT Service Desk.