Like most people, you will occasionally receive fraudulent emails—some of which can look very convincing. Knowing the signs and taking the right steps can greatly reduce the risk of school or personal data being compromised.
Why Phishing Works
Phishing emails use social engineering tactics to trick you. They often:
- Create urgency (e.g., “Your account will be suspended unless you act now”).
- Exploit curiosity (e.g., “Invoice attached”).
- Pretend to be trusted brands or colleagues.
Common Sources of Phishing Emails
Fraudulent emails often appear to come from:
- Amazon
- eBay
- PayPal
- Banks
- Phone companies (EE, O2, Vodafone)
- Delivery services (DHL, Parcelforce)
- Travel companies
- Student Finance
- Even fellow employees (via hijacked accounts)
Golden Rules
- Never click links if you have doubts. Hover over links to check the actual URL—it may not match the text shown.
- Do not download images or remote content unless you are sure the email is genuine.
- Never reply to suspicious emails or open unexpected attachments.
- Report phishing attempts to IT Support immediately.
If You Suspect Fraud
- Verify outside the email. Search for the organisation’s official website in your browser and log in from there.
- Do not enable macros or “Enable Content” in attachments—this is a common malware trick.
- Check the sender’s email address. Is it unusual, misspelled, or “sent on behalf of” another account? Even if it looks correct, accounts can be hijacked—call the person if unsure.
- Mark as junk and delete. Do not engage.
If You Clicked or Responded
- Contact IT Support immediately.
- If you think your bank or card details are compromised, contact your bank or bursary straight away.
- If your school password may be compromised, IT Support will reset it. For third-party accounts, reset your password immediately using their reset options.
Password Best Practices
- Use unique passwords for every account. Please do not use the same password for all your accounts.
- The longer your password is, the better. You can add complexity, but length is always going to be better.
- Enable Multi-Factor Authentication (MFA) wherever possible.
- Never share your password—no reputable organisation will ask for it.
Clues That an Email is Fraudulent
- Claims you ordered something you didn’t.
- Unexpected attachments—delete without opening.
- Poor grammar, spelling mistakes, or odd formatting.
- Urgent language or threats.
- Links that don’t match the displayed text.
Other Phishing Channels
- SMS (Smishing): Fake texts with links.
- Phone calls (Vishing): Scammers pretending to be from banks or tech support.
- Social Media: Fake friend requests or messages with links.
Remote Access Scams
Some emails or calls claim to be from companies like Microsoft, saying your PC has a virus and offering a remote connection to “fix” it.
Never allow remote access unless authorised by IT Support or you are absolutely sure it’s legitimate.
Reporting Helps Everyone
Forward suspicious emails to IT Support or use the “Report Phishing” button if available. Reporting helps block future attacks.
Final Note
We block most fraudulent messages before they reach your inbox, but some still get through. By following this advice, you’ll greatly reduce the risk to your work and personal data.
If you check personal email on school computers, remember: we cannot filter or control those accounts.