Online fraud and phishing emails

Online fraud and phishing emails

example image of a phishing email

Phishing uses fraudulent emails and websites to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, etc. Such attempts are increasingly professional andboth the email and website may look entirely genuine, mimicking the trusted brand identity of the organisation involved. Banks, credit card agencies and online services such as Student Finance England, Barclays Bank, eBay, Natwest and Paypal have all been targeted. Fake tax refund scams are also targeting university students. HRMC will never inform you about a tax refund by email, text or voicemail.

The University uses Microsoft Defender to detect and handle emails which are suspected to be spam, phishing or malware. Any suspect emails will go into your Junk folder or put in your Microsoft Quarantine, which will be accessed from a weekly email from with the subject “Microsoft 365 security: You have messages in quarantine”. In either case you can release them to your Inbox if you are absolutely sure they are safe.

Student finance phishing emails

Students are often targeted with scam emails around student finance payment dates. The latest example (image above) has the subject line Student loan information and claims to be from the Student Loan Company, and asks you to update your account. As with all phishing emails DO NOT REPLY and DO NOT enter any of your details. The emails often look genuine but don't be fooled.
Student Finance England will never ask you to confirm your login or user details or ask you to update your bank details or student account information by email. If you do get such an email forward it to then delete it from your system.
The University will not reimburse any student for any student finance payments which are misappropriated as a result of details being obtained from the student through previous or future phishing incidents.

Top tips to spot phishing emails

  • Be suspicious of any urgent requests for personal or financial information
  • Be aware: Phishing scams are common at the three main instalment payment dates in September, January and April
  • Always ensure that you're using a secure website when submitting credit card or other sensitive information; look out for "https://" and/or the security lock
  • Prevention: Your email details may have been taken from a social networking site so avoid disclosing your email address or make sure you hide it on your page
  • Check the quality of the communication. Misspelling, poor punctuation and bad grammar are often tell-tale signs of phishing

Protect yourself

  • Do not give out personal information in response to an unsolicited contact, whether by phone, email or other medium
  • Note that responsible organisations will never request such information by email
  • You must be very careful when asked to give out security information such as a password, pin number or security code and be particularly suspicious if too much is asked for; increasingly banks only ask for partial information for example the third, fifth and first digit of a pin
  • Do not be too reassured by the locked padlock icon on your browser: It simply means that the internet transaction is encrypted (and so very difficult to intercept) - not that it is going to the genuine site
  • Although online fraud is increasing, be aware that most credit card fraud is still in restaurants; do not let your card out of your sight
  • Note also that there is a rise in fraud through monitoring personal information at cash machines - do not use a cash machine if you see anything strange about it, there have been incidents where miniature cameras have been used to record pin numbers, while a realistic false front has been installed to record (or "skim") card details
  • Be sure you are going to the correct site by typing the address yourself or by using your own personal bookmark
  • You are recommended to delete the fraudulent message, though if you are particularly concerned, do feel free to report the matter, but do not attempt to engage in correspondence with the sender
  • If an offer seems to good to be true, then it probably is not true, particularly if is is the promise of money from a lottery you have not entered or money for handling a large sum for somebody you have never met
  • If think that you have followed links in phishing emails please change your Student Finance England password and check the details on your Student Finance Account carefully. In particular please check that there have been no small changes made to your contact details such as your phone numbers and emails and that your bank details are correct.

More advice on phishing

Bank Safely Online

Student Loans Company guidance on phishing