Think before clicking

Take care what you click on. Phishing is the most common kind of attack.

Phishing

Phishing is the kind of attack that works by trying to get you to click on links or attachments in emails pretending to be from a company or person that it is not really from, which then either installs malware on your computer or tries to extract some kind of information from you, such as passwords or personal data. Phishing can also arrive by message apps, social media, phone or texts: any communication method can be used. It may even contain personal information about you to make you think it is legitimate, taken from public records or online data breaches.

If you suspect a message is phishing then it is usually best to assume that it is and act accordingly. If in doubt, do not click. 

If you have been sent or have clicked on a phishing Email

If you receive a suspicious email to your University account that encourages you to click a link or open an attachment, you can report it with the following process: 

  • On the email itself, next to the ‘Forward’ button, you have the option to “forward as an attachment” - click this (it may be under a "More" button). 

  • Send it to is.helpline@ed.ac.uk 

  • You will receive an automated email back with guidance on what to do if you have clicked a link or opened an attachment from the suspicious email. 

If you have already clicked on a link or attachment and then realise that the email is suspicious then please reset your University password and report it to the IS Helpline immediately.