Spam and Phishing Emails

Spam and Phishing

Spam: unwanted, junk email, typically sent to large numbers of people, for the purposes of advertising, phishing, spreading malware, etc.

Phishing: fake email messages that claim to be from an organisation that you may trust (e.g. universities or banks). They often ask you to provide your personal details by replying or clicking a link, and may suggest you’ll lose your account if you don’t do so.

Targeting HYMS students and staff

To protect your data and that of other people, it’s vital to learn how to spot phishing messages and other scams.

If we suspect your account has been compromised, IT Support will lock/disable your account until we have spoken with you and made sure that it is secure. If you are unable to log in, please contact us.

Important: Contact us

If you think you have given away your details to phishers, get in touch with us as soon as possible.

I think I’ve fallen for a phishing scam, what do I do?

If you, or anyone in your department, falls for a phishing scam:

1. Report to your bank immediately if any bank details are involved

2. Change your HYMS account password: see Changing or Resetting your HYMS password

3. Contact the HYMS IT Help Desk, who will:

  • Help you make sure your account is fully secured
  • Provide advice specific to the compromise
  • Track down other users who may have been affected

4. To help us investigate a phishing scam, please follow the guidance below

What should I do if I receive a suspicious email?

Step 1: Check the validity of the email

You should always check the validity of a site before entering your details.

Do not respond to a request to send your password via email.

Do I need to contact the HYMS IT Help Desk?

If you are unsure whether an email asking for your HYMS/University username and password is genuine, please contact the HYMS IT Help Desk for advice.

There are always exceptions, for example the ComplyWise service used for online Health and Safety training – it’s OK to check if you’re not sure.

Step 2: Report Phishing emails to Microsoft

Report Phishing – within Microsoft 365 / Outlook on the Web

By using the built-in reporting feature, you are helping the campus combat potentially malicious emails. Collectively, the more malicious emails that are reported, the better our email service can become at filtering out unwanted emails like phishing and sales spam.

While in the Outlook online app:

  1. Click on the email that you would like to report as Junk or Phishing.
  2. On the top ribbon next to the “archive” button, click the Report button.
  3. One of the options should be Report Phishing or Report Junk.
  4. Click the Report drop down arrow & select Report Phishing.
  5. The email will automatically go to your Trash folder, and Microsoft will also be notified to improve our spam filters.

Report Phishing – within the Outlook Desktop App for Windows

Please note, the option to install this Add-in may not be available on certain Outlook versions.

While in your Outlook Windows desktop environment (Outlook on Windows and Mac or Mobile):

  1. Head to the ‘Get Add-ins’ button in your Home Toolbar.
  2. Search for the ‘Report Phishing’ add-in using the search bar and open the app by clicking on the search result.
  3. Once you find the ‘Report Phishing’ app – Add it.
  4. You will see the add-in in your Outlook Home menu.
  5. To report a suspected phishing attempt, in the message list, select the message or messages you want to report.
  6. Above the reading pane, select ‘Report Phishing’ > Select ‘Phishing’.
  7. The email will then automatically go to your Trash folder, and Microsoft will also be notified to improve our spam filters.

How has the Hull York Medical School been targeted?

Sometimes scammers target members of HYMS, either with specific details, or by pretending to be IT Services or other departments.

For example:

  • Email messages appearing to be from IT Services, asking for your username and password, and saying that your email account will be closed if you don’t reply.
  • Some students have received emails appearing to be from the Student Loans Company.
  • Some staff have received very targeted emails which address them using their name, and which refer to their academic or professional interests – for example, referring to papers that they’ve written. These messages include links which purportedly allow them to view useful information or submit new papers. The links request a username and password.
  • Compromised accounts are often used to send spam emails. If you’re sent an email, it may not be from the person it appears to be from.

Always be wary of unexpected emails, no matter how genuine they seem.

What’s the worst that could happen?

Falling foul of spam or phishing emails may mean that your accounts are compromised, including your university accounts, and bank accounts. It may even result in cases of stolen identity.

What’s being done to stop the messages?

Microsoft 365’s spam service stops most spam, phishing and other scam email from reaching your inbox.

However, because spammers constantly change the messages they are sending and the email addresses that they send from, the first few messages sent in any run will often get through.

If Microsoft become aware that an account may have been compromised, they will suspend it and alert HYMS IT Services.

Updated on 21/12/2023