LSE has been targeted by a phishing attempt which asks students and staff to click on a link to complete a survey.
The message claims that the survey will both help avoid online identity theft and improve the quality of teaching. The emails that we have seen have come from compromised LSE accounts: It is not a genuine LSE email.
How to tell if an email is a phishing attempt
Although phishing and spoofing* emails can vary, there are often common things to look out for. Messages might include:
Spoofing/scam or phishing attempts, often contain similar types of messages. Examples of topics include:
- Your email has been suddenly stopped, and you need to click on a link and enter your username and password to reactivate it
- There are emails that have been held back, and you need to click on a link and enter your username and password to access them
- You need to click on a link and enter your username and password in order to upgrade your email account
As the emails are not genuine, one other way to spot them is by looking at who has actually sent the message and where the links point to.
To check the link location, hover your cursor over the hyperlinked text and the true URL will be revealed. From here you should be able to tell it is not pointing to a legitimate LSE source.
Remember, legitimate IMT Service Desk emails will never come from from a personal LSE account.
When in doubt, please don’t click on any links and contact us to verify and check the email.
To report a suspicious email, use the following steps:
- Create a new email in Outlook, with ‘Phishing Attempt’ in the subject line
- Drag and drop the phishing email into the email you are preparing to send
- Send to: firstname.lastname@example.org
To report a phishing email in Office365, please use the ‘Junk’ – ‘Phishing’ option.
You can also call us on 020 7107 5000 | x5000