Phishing (pronounced “fishing”) is a cybercrime that involves tricking individuals into divulging sensitive information such as passwords, credit card details, or personal identification.

How big is the threat?

Phishing attacks continue to be a major concern worldwide, with a significant impact on individuals and organizations alike. In 2021, phishing attempts accounted for 83% of the total number of cyberattacks reported globally, underscoring the prominence of this threat. In 2022 this number increased to 90%. In 2023 initial reports suggest this is likely to remain as high or even be higher.

Remember: It only takes one person to click on the wrong link for our whole network to be exposed to criminal activity – don’t let that person be you!

What should I look out for?

Here are the top ten email subjects from recent spam attempts (in no particular order). As you can see, the phisher has often obtained information about you, your manager and your organisation to make the email seem more realistic.

[Image: Unusual sign in activity]
  1. Urgent!
  2. HR: Staff Rewards Program
  3. IT: Important Email Upgrades
  4. Activate your DropBox account
  5. Your payment is overdue
  6. Microsoft 365: [display_name], Password has expired
  7. Amazon: Action Needed: Purchase Attempt
  8. Available? [manager_name] is trying to contact you
  9. Teams: [manager_name] invited you to join a Team
  10. Microsoft 365: [display_name], MFA Security Review is Required

Here are some commonly impersonated organisations:

[Image: PayPal scam]
  • Your own organisation *
  • Microsoft (including Teams, OneDrive, SharePoint)
  • LinkedIn
  • Google (including Google Chat and Google Docs)
  • PayPal
  • WeTransfer
  • WhatsApp
  • HSBC
  • Instagram
  • HMRC and other government departments

*Hackers pretending to be someone from your own organisation have the most success, and this approach has increased during 2023.

What can I do?

It’s crucial to arm yourself against phishing attacks to ensure your personal and academic information remains secure. Here are some essential steps to take:

Keep Yourself Updated: Awareness is your first line of defence. Understand the tactics used in phishing attacks and train yourself to identify suspicious emails, messages, or websites. 

Verify the Source: Before clicking on any links or sharing personal information, verify the sender’s identity. Be cautious even if an email or message appears to be from a familiar source.

Stay Cautious: Be wary of unsolicited emails, especially those requesting personal or financial information. Legitimate organizations rarely ask for sensitive data via email.

Think Before You Click: Avoid clicking on suspicious links or downloading attachments from unknown sources. Hover over links to see the actual URL before clicking.

Use Strong, Unique Passwords: Create strong passwords using a combination of letters, numbers, and symbols. Avoid using the same password for multiple accounts.

Enable Multi-Factor Authentication (MFA): Set up MFA for an extra layer of security by requiring a second form of verification, such as a code in an Authenticator app, in addition to your password. This makes it significantly harder for attackers to access your accounts.

Keep Software Updated: Regularly update your operating system and applications. Cybercriminals often exploit known vulnerabilities in outdated software.

Use Apps Anywhere to make sure you are using the most up-to-date version of software with the latest security patches.

Report Suspicious Activity: If you receive an email or message that seems suspicious, report it to us. Your vigilance could help protect others from falling victim to the same attack.

Further information and contact

We have a Cyber Security section on the DTS website, which also includes information about spotting phishing attempts. 

For more general information about keeping yourself safe online, have a look at the National Cyber Security Centre website.

If you have any questions or need any advice, please contact the IT Service Desk.