skip to primary navigationskip to content

How to recognise phishing

What is phishing and how do I recognise it?

'Phishing' is an attempt to extract personal information including account details that can later be used for nefarious purposes.

Phishing for your email account details

This is a copy of a scam message received by Cambridge users. Its aim was to convince users to disclose the ID and password for their email account.

Date: Sat, 8 Aug 2009 05:23:00 -0700
From: Sandra Dudley <dudleys@[site-redacted].edu>
To: undisclosed-recipients:  ;
Subject: Mailbox Notice

Attn: Faculty/Staff/Students,

This message is from our Helpdesk Team to all webmail account owners.

We noticed that your webmail account has been compromised by spammers. It
seems they have gained access into our database and have been using it for
illegal internet activities.

The center is currently performing maintenance and upgrading its database.
We intend upgrading our Email Security Server for better online services.

To re-validate your mailbox and upgrade your account, please Click here

In order to ensure you do not experience service interruptions, please
upgrade your account to prevent it from being deactivated from our database.

Thank you for using our online services.
Sandra Dudley
For Helpdesk Team

In most email programmes, hovering a mouse over the "Click here" link in the message can reveal the scammers' link. Below is an image of the web page users found if they did click on the link. As you can see it is completely plain – no University branding/style – and the link in the browser title bar shows no link to the University.

phishing form

Unfortunately a depressingly large number of users used it and gave away their details (username, email address, password, real name). Only a few hours later, scammers logged on to one of these accounts and used it to send more scam emails.

Do not reply to this type of message, and do not go to any web link they include. We will never ask for password details in an email, but we may ask you to change it if we believe your account has been compromised.

Phishing for details including National Insurance number

In March 2011, a scam message was sent to a large number of people at Cambridge. While it was targeted towards students, the scammers also included staff in their recipient list.

screenshot of the messag

The link went to a mock up of a Raven login page. Notice the differences – the extra fields the scammers wanted people to complete.

mock up of Raven login page

How to tell if an email is really from a role address at the University (

See the list of genuine role addresses in the @cam domain (Raven protected). If it's not from one of these, don't trust it!

How to tell if an email is really from HMRC

HMRC maintains a web page to help you decide whether the email purporting to be from them is genuine: