Most online attacks and viruses come through fraudulent emails, sent by people trying to get your username and password, financial details, or trying to plant viruses.
Fakes will often appear to be from people or companies you know such as:
- University of Kent departments, actual lecturers or staff at Kent, or current students.
- Organisations connected to university life such as student finance.
- External companies that many of us commonly use such as Paypal, Amazon, delivery companies or postal services, banks, travel companies and more.
We have measures to block these messages, but some will still reach you. From May we'll warn you when an email has come from outside the University.
How to spot a fake email
1. Check sender
Is their email address unusual, or sent ‘on behalf of’? University emails come from ‘kent.ac.uk’ (not kent.ac.uk.i.o/ or similar).
Even if it genuinely appears to come from someone you know, check this out if the message is unusual. The sender can be faked.
2. Red flags
Be wary if it’s an order you didn’t make, or if it’s asking for money or vouchers, even if it’s from someone you know. Their account may have been hijacked.
3. Does it have attached files?
Opening or even just previewing attachments can unleash a virus. Don’t preview or open any unexpected attachments. You’re curious, but do not peek. Don’t ‘enable content’ or ‘enable macros’.
4. Think before you click
Not all links are genuine: a text link in an email can say anything! It's best to avoid clicking links in unexpected emails. Instead, go to the organisation's web site in your browser and search for the information there.
- From a computer you can check where this link goes to by hovering your mouse over it: its destination is shown at the bottom of the screen. Note that even the address at the bottom could be fake though! More tips for checking link legitimacy
- www.kent.ac.uk.1.com would go to 1.com, not the kent website (anything before the .1.com is simply a name of an area on the 1.com website).
5. Sense of urgency
Look out for messages that are designed to convey a sense of urgency, such as ‘Failure to respond in 24 hours will result in your account being closed'.
6. Asked to confirm personal information
Be suspicious of requests for you to confirm your personal details. The University of Kent, Student Loans Company, Student Finance England (SFE) or Student Finance Wales (SFW) will never ask students to confirm login information or personal information by email or text message.
If you get a fake email
Delete it. Don’t reply, click links, view attachments or view images. Tell your colleagues about it, in case they get similar emails.
Never give out your Kent IT Account password (or any other password): we will never ask you for it. And we won't email links to web pages that ask for your personal details.
If a link in an email asks for your password, don’t provide it. To investigate, go to their website from a bookmark or Google.
If you think your password may have been compromised, contact us and change your password immediately.
Stopping the junk
Over 90% of the email received at Kent is spam: unsolicited junk email.
We have ways to block it so that it never arrives in your mailbox, using filtering mechanisms and a tool called Spamassassin. This blocks most spam. The emails that get through can end up either in your Junk folder or your Inbox.
It’s an ongoing battle to stay one step ahead of the spammers. Sometimes more spam gets through and then less again as our filtering catches up.
You can't email executable files
We block attachments containing executable (.exe) files within zip files, because a lot of malware and viruses are sent this way.
If you want to share an executable file with someone inside or outside the organisation, save it to your OneDrive and share it from there.
Find out all the ways you can get in touch.