Most online attacks and viruses come through fraudulent emails, sent by people trying to get your username and password, financial details, or trying to plant viruses.
Fakes will often appear to be from people you know at Kent, genuine departments, lecturers, real colleagues. Or from organisations connected to university life such as student finance.
We have measures to block these messages, but some will still reach you.
How to spot a fake email
1. Is it from who it says it is?
It might say it's from your friend or colleague, but you should check as this is often faked. Check the sender’s full email address: does it look right, is it readable, unusual, or sent ‘on behalf of’ another? Emails from the University should always come from a ‘kent.ac.uk’ email address. Even if it looks OK, there's a possibility too that their genuine email account might have been hijacked.
2. Did you order it?
An unexpected account summary, receipt or invoice is probably fake. Don't follow links to your account. Use a web browser to go online to find the relevant information or a contact phone number to investigate further.
3. Does it have attached files? Invoices and receipts are common
Opening or even just previewing attachments can unleash a virus. Don’t preview or open any unexpected attachments. You’re curious, but do not peek. Don’t ‘enable content’ or ‘enable macros’.
4. Check links: when is kent.ac.uk not kent.ac.uk?
Not all links are genuine. When creating a text link in an email you can make the link say anything.
- if you're on a PC or laptop you can check where www.kent.ac.uk goes to: hover your mouse over it and read what it says at the bottom of the screen (it goes to a blog entitled Spam Spottier Rules, which you can visit for more advice! Note that even the address at the bottom could be fake though!).
- www.kent.ac.uk.1.com would not go to the Kent webssite, it would go to 1.com. It's the bit directly before the .com that counts (anything before the .1.com is simply a name of an area on the 1.com website).
So the best advice is to avoid clicking links in unexpected emails: instead go to the organisation's web site in your browser and search for the information there. Tips for checking link legitimacy on a phone or tablet
If it is a fake
Delete it. Don’t reply, click links, view attachments or view images. Tell your colleagues about it, in case they get similar emails.
Never give out your Kent IT Account password (or any other password): we will never ask you for it. And we won't email links to web pages that ask for your personal details.
If a link in an email asks for your password, don’t provide it. To investigate, go to their website from a bookmark or Google.
If you think your password may have been compromised, contact us and change your password immediately.
How we stop spam getting to you
Over 90% of the email received by Kent is spam, which we block so you never see it.
We use filtering mechanisms and a tool called Spamassassin to block most spam. Some emails get through to your Junk folder or your Inbox.
It’s an ongoing battle to stay one step ahead of the spammers. Sometimes more spam gets through and then less again as our filtering catches up.
We block attachments containing executable (.exe) files within zip files, because a lot of malware and viruses are sent this way.
If you want to legitimately send an executable file by email, you’ll need to use an alternative method. Advice on sending files (click ‘Send and receive large files’)