We are sad to report that a number of online scammers across the globe have been taking advantage of the coronavirus situation to launch phishing attacks. 

A phishing attack is a fraudulent message purporting to be from a reputable source and encouraging you to reveal personal information – such as passwords and financial details.

We’ve been made aware of several email, SMS and cold calling phishing campaigns related to the coronavirus, some of which are very sophisticated. You can find an example of one opposite but please read on for tips on how to spot a phishing message, and what to do about it.

Things to consider

• Unsolicited col calling about investment opportunities is illegal - if you have received a cold call about investments, this is a sign that you are being targeted for a scam
• Cryptocurrencies are not regulated by the Financial Conduct Authority so if you lose money to this means, it cannot be returned to you
• Legitimate investment companies are listed on the FCA's Financial Services Register; you should always check before committing to investing any funds
• Never download suspicious software that allows people to access your device
• The Home Office or Police will never call your to request payments or ask for personal details

How to spot a phishing email:

• Are you expecting to receive an email from this person/company? If not, treat it with caution.
• Is the email addressed to or is the greeting something more generic such as ‘Dear customer’? Treat the latter with caution.
• Check the email sender’s domain name (the last bit of the email address) – something like enquiries@homeoffice.gov.uk is likely to be trustworthy while UKhomeoffice@gmail.com is certainly not
• Be wary of suspicious looking URLs in emails – again, an unbroken domain such as gov.co.uk or gov.co.uk/login would be trustworthy whereas login-at-gov.co.uk would not.
• Look out for poor spelling and grammar – most companies employ professional copywriters to write their emails. Scammers usually do not.
• Any email asking for personal information such as a PIN, password or financial details should be treated with extreme caution, as should an email that asks you to download something.

How to spot a phishing SMS:

• SMS messages from official bodies will appear as being sent by ‘UK_Gov’ or ‘NHSNOREPLY’, not a personal number.
• When dealing with SMS messages you should also bear in mind the above advice relating to spelling, grammar and suspicious links.
• The government will not send you a fine via SMS for leaving your home during lockdown – nor will it ask you pay a bill.

If you think you have received a phishing email or SMS you should try to delete it before opening it, if possible. If you do open it, be careful not to click any links and delete it as soon as you can. You should report it to the organisation that the message was claiming to be from.

If you receive any messages asking you for your University credentials, please forward it to itservicesdesk@nottingham.ac.uk before deleting it.

More advice around spotting phishing messages can be found on the IT Services webpages.