Think before clicking

Phishing

Phishing is the kind of attack that works by trying to get you to click on links or attachments in emails pretending to be from a company or person that it is not really from, which then either installs malware on your computer or tries to extract some kind of information from you, such as passwords or personal data. It could also try and pressure you into engaging with the message in some way. Phishing can also arrive by message apps, social media, phone or texts: any communication method can be used. It may even contain personal information about you to make you think it is legitimate, taken from public records or online data breaches.

If you suspect a message is phishing then it is usually best to assume that it is and act accordingly. Do not interact with it, do not engage with it, and report it. If in doubt, do not click. 

If you have been sent or have clicked on a phishing Email

If you receive a suspicious email to your University account that encourages you to click a link, open an attachment or engage with it in a suspicious way you can report it with the following process: 

• You should "Forward as an attachment" the message. Depending on your version of Outlook there may be a button for "Forward as an attachment", or there may be an option under a "More" menu, or it may be under a menu button with three dots ("...") - if you cannot find it on your version, try typing "Forward as an attachment" into the "Tell me what you want to do" box.
• Send it to is.helpline@ed.ac.uk 
• You will receive an email back with guidance on what to do if you have clicked a link or opened an attachment from the suspicious email. 

If you have already clicked on a link or attachment and then realise that the email is suspicious then please reset your University password and report it to the IS Helpline immediately.