Have you ever been sent a phishing email? And more importantly, do you know what to look out for?

Most of us have been on the receiving end of a phishing email at one point. Make sure you know how to identify a phishing email – and what you should do if you receive one.

How to protect against phishing attempts

What is phishing?

Phishing emails try to get you to hand over your personal information. This might be passwords, bank details or account usernames.

They might also try to trick you into opening a seemingly legitimate or ‘urgent’ attachment that contains ransomware, or malware with key-logging capabilities.

On first glance, phishing emails look like they are from a trusted source, such as a bank, well-known retailer, or even LSE.

Sometimes, the sender can be just another compromised email account.

Not sure what a phishing email might contain? Here’s a brief guide on what to look out for:

  • Suspect links
    Links look they direct you to a reputable website, but if you hover your mouse over them, the URL is different (i.e. lse.ac.uk.cn, instead of lse.ac.uk)
  • Suspect email attachments
    An invoice or shipping notice of an item you did not order; a document shared by someone unknown to you or which you did you expect to receive
  • Unusual requests
    An email asks you to follow a link to provide or update your personal information
  • Poor spelling and grammar
    If the email appears unprofessional, it might not have come from a legitimate source
  • Expression of a sense of urgency
    An email that contains a court order demanding you to appear at court by certain deadline; an email that threats to expire your password if you don’t follow the instructions there

If you think you’ve been sent a phishing email, do not respond. Delete it immediately and report anything suspicious to InfoSec.

We’ve got more information on staying safe from phishing attempts on our website.

What about spoofing?

Spoofing is an attempt to trick you into opening a malicious file, clicking a malicious link, processing an urgent payment request, or simply providing more information that are useful to the attacker, by fooling the recipient into believing they know the sender.

Responding to spoofing emails with the requested information helps the attacker to get their way. Opening the attached file or clicking on the link puts your computer at risk of being infected with malware of a virus.

We’ve covered how to protect yourself from spoof emails in a previous blog post.

If you have any concerns about phishing or spoofing, get in touch with the Service Desk (staff & PGR) or Help Desk (taught students).