IT Services
ServiceNow
Fishing hooks hooked into credit cards placed on a computer keyboard, symbolizing online credit card fraud or phishing scams.

Email Phishing and Spam

What is phishing?

Phishing is the name given to the practice of sending emails purporting to come from a genuine company or organisation operating on the internet. The email attempts to trick the recipient into entering confidential information, such as credit card or bank details. The links contained within the message are false and often re-direct the user to a fake web site.

Many fake emails can look very convincing, complete with company logos and links that seem to take you through to the company website, although this too will be a fake.

The IT Service Desk will never send you an email requesting your username and password. In this context, do not respond to such emails and instead, report the email.

Fishing hooks hooked into credit cards placed on a computer keyboard, symbolizing online credit card fraud or phishing scams.

How do I report a suspected phishing or scam email?

  1. Do not click any links or attachments within the suspicious email.

  2. Do not provide your username, email address, password, or any other personal data such as bank details.

  3. Report the email:
    • In Outlook on the Web, select the ‘Junk’ button.
    • In the Outlook mobile app, please select the ‘…’ icon and select ‘Report Junk’ whilst the email is selected.
    • In the Outlook desktop app, select the ‘Report Message’ button on the Home ribbon.

  4. Delete any emails exhibiting suspicious characteristics.

  5. If you are at all in doubt that it might have been a genuine email, phone or otherwise contact the organisation to ask them if they have sent you this email. However, do not do this by replying to the suspicious email.


Remember, you can call us 24/7 365 days a year on 0300 500 5055 and we will be happy to help with any queries or concerns you may have.

What should I do if I entered my details?

We’re here to help. If you think you may have entered your details, then please contact us immediately 24/7 365 days a year and we’ll be happy to help.

Follow these steps if you think you may have entered your details into a phishing email:

  1. If possible, change your password immediately by visiting Password Reset.
  2. Call us on 0300 500 5055 to let us know what has happened so that we can offer the best advice to ensure your details are safe.
  3. If you use the same password elsewhere, please ensure you change your password on those platforms also.

How do I spot and avoid phishing scams?

WARNING: This email originated from outside University of Wales Trinity Saint David’s email system. Do not reply, click links, or open attachments unless you recognise the sender’s email address and know the content is safe.

If you see this warning message at the beginning of an email, the email was not sent to you by a UWTSD employee or student.

Emails received with this warning message where the sender purports to be a UWTSD employee or student should be reported. You should not open the email or click any links within it.

The following are all common phishing scams:

  • An email asks you to enter personal information, such as usernames, passwords, bank account details or a National Insurance number into a form in the email.
  • An email purporting to be from an organisation with which you have an account starts ‘Dear valued customer’ instead of mentioning you by name.
  • The email content is of a frightening or threatening nature, such as ‘Your account will be suspended unless you enter your username and password’.
  • An email asks you to click on a link and enter personal information into a form on the website to which that link takes you.
  • Another ploy is to send you a bogus order confirmation for an order you haven’t placed and ask you to re-enter your credit card details if you wish to cancel the order.

There are often clues which may help you spot that the email is fake:

  • The reply address of the email is different from the sender’s address. Don’t look at just the display name – look at the underlying address or email link target itself.
  • The sending email address can be faked, so even if it looks valid that doesn’t mean that the email itself is valid. Because replies to a valid address couldn’t be picked up by the scammers, they will instead include a different address in the body of the email and ask you to send your details there.
  • The reply address (and others) may be on a publicly available webmail service, such as hotmail.com or gmail.com. Anyone can set up such email accounts, but a legitimate company would have no reason to do so – they’ve already paid for their own domain name and email facilities.
  • The address of a faked website may appear to be similar to what you’d expect it to be, but the domain name is not the official one registered by the organisation. For example, Barclay’s Bank’s primary registered domain is barclays.co.uk, but a phishing email might link to an address such as barclays.biginternetbanks.com – the scammers would have registered biginternetbanks.com and configured it to host their own subdomains and fake sites.
  • The quality of the written English is often not of a high standard.

What do phishing emails look like?

You can find several phishing email examples directly on the phishing.org website. We highly recommend taking five minutes to read through their examples and information to familiarise yourself with a wide range of examples and what to look out for.

The below is an example of a phishing email sent to University addresses. Clues indicating that it is a scam message are highlighted.

 

From: support@uwtsd.ac.uk [mailto:willsk@eircom.eu]
Sent: Thu 05/02/2009 12:36
Subject: Dear student.uwtsd.ac.uk User

Dear student.uwtsd.ac.uk User

Your email account has been used to send numerous Spam mails recently from a foreign IP. As a result, the student.tsd.ac.uk has received advice to suspend your account. However, you might not be the one promoting this Spam, as your email account might have been compromised. To protect your account from sending spam mails, you are to confirm your true ownership of this account by providing your original username (*******) and PASSWORD (*******) as a reply to this message. On receipt of the requested information, the “student.uwtsd.ac.uk” web email support shall block your account from Spam.

Failure to do this will violate the student.uwtsd.ac.uk email terms & conditions. This will render your account inactive.

Thanks for using student.uwtsd.ac.uk

Online Training

It is compulsory for all staff to complete the following short courses and videos:


You must also familiarise yourself with all IT Policies including the IT Acceptable Use Policy.

Protect your Online Identity

  1. Never Share your login details – your username and password are personal to you.
    1. Find out what your Online Identity might look like and how to Stay Safe Online.
    2. University IT Support and genuine businesses will NEVER ask for your password.

  2. Strong Passwords – it’s best to use a passphrase which is a combination of three words put together with numbers and special characters.
    1. Find out how to choose a Secure Passphrase for your accounts
    2. Use a Password Manager to store and manage your passwords.
    3. If you think your university password has been compromised, use our Password Reset Service or contact us as soon as possible.

  3. Email Communication – always use email communication with care.
    1. Find out how to spot a phishing email and what to do if you may have provided your details by mistake.
    2. Learn how to Protect yourself from phishing emails.
    3. Don’t open email attachments from unknown sources and if you know the sender but aren’t expecting the email, check they sent it first.

  4. Antivirus Software – always use antivirus software and make sure it’s kept up to date.
    1. Find out what antivirus products are and how to make sure it is protecting your computer.

  5. Training – it is compulsory for all staff and highly recommended for all students to safeguard your IT interactions by completing our short Moodle Information Security Awareness course.

  6. LinkedIn Learning – make the most of UWTSD free access to LinkedIn Learning which provides online skills development courses and training.
    1. Simply sign in with your university email address and password.
    2. Complete the Cybersecurity Awareness: Phishing Attacks course.

Phishing Simulation Awareness

UWTSD runs quarterly phishing simulation exercises using Microsoft’s Attack Simulation tool. These are safe, controlled training exercises designed to help staff and students recognise and respond to real phishing attacks. 

During these exercises, staff may receive emails that look like real phishing messages but are created solely to test awareness and improve our collective security.

These training exercises commonly mimic:

  • Credential theft – fake login pages designed to capture passwords
  • Malicious attachments – emails containing suspicious files
  • Dangerous links – URLs that lead to fake websites

Phishing simulations are safe, controlled training exercises to help staff detect and respond to real phishing attacks. 

Why do we run these training simulations?

These exercises are designed to build staff awareness and show how we might respond to real world phishing attempts.

  • We’re more likely to learn in a safe, controlled environment
  • Training Simulations demonstrate what phishing looks and feels like
  • Attacks on universities are rising
  • To protect you and the university from malicious threat actors 

Phishing remains the most common initial attack method globally and is implicated in a large share of data breaches — driving many successful breaches worldwide. 

97% of higher and further education institutions reported experiencing phishing attacks, making it the most frequently reported attack type among UK universities. Government data shows 91% of UK universities encountered cyberattacks (including phishing) in the last 12 months, well above other sectors.

Many phishing breaches succeed because staff or students click malicious links or disclose credentials, bypassing technical controls.

Industry analyses show the “human factor” is a key part of over 90% of breaches — highlighting that technology alone cannot stop phishing

Any clicks on phishing emails links are captured, so that we are aware of what has been clicked on and when and you will be asked to complete cyber security refresher training. It’s important to note that the purpose of this exercise is learning and awareness — it’s not about catching anyone out or assigning blame, but we do ask that users learn from any mistakes.

It is expected that users do not make this mistake on more than one occasion in order to help reduce our risk when it comes to real phishing attempts. Line managers will be updated on the outcomes of the phishing exercises so that we can help increase awareness. 

For users who click on simulated phishing links (or both clicks on the link and provides their credentials), Microsoft automatically assigns the below follow-up training to help build confidence in spotting similar messages in future and is a standard part of the security tooling.

If you click a simulated phishing link but do not provide credentials

  • You will be assigned a minimum of one training module

If you click a simulated phishing link and provide credentials

  • You will be assigned a minimum of two training modules

The training is mandatory and takes approximately 10 to15 minutes per module. It is designed to help everyone stay confident in recognising potential threats and helps to strengthen the university’s overall security posture.

For each phishing simulation, UWTSD gather the following metrics for users who click on links and/or provide account details – 

  • Username, user email address, job title, department, and line manager.
  • Date and time simulation link was clicked.
  • Whether credentials were entered.

Note: Neither UWTSD nor Microsoft stores any credentials entered during a simulation.

The university is actively monitoring the training completion of assigned modules. 

You can review your training status by visiting my training assignments

Defending the university against cybercrime and security threats is everyone’s responsibility.