Suspicious Emails Reporting
By Peter Andrews-Briscoe, on 23 October 2024
If you receive a suspicious email and wish to raise it with ISG to determine if it is something to be concerned about, there are several routes you can take. In this guidance, we will walk you through some common types of malicious emails that are sent and which route would be best to report each kind of email.
Common Types of Emails Received
Although phishing and spam often take new forms, there are some common templates that are consistently reused. Here are some examples:
- Spoofing: This occurs when a scammer pretends to be someone or something else to gain your trust. A common version is an email from a “colleague” asking if you’re free and, if you reply, requesting something like Amazon gift cards. Spoofed emails can also take the form of a third party asking you to review a bill or receipt or informing you that a package has been delivered. If you receive an unexpected email like this, please check with the sender (via a different route than email, or than however they contacted you) to verify if it is a genuine communication.
- Blackmail Scam: These scam emails claim to have gained access to your computer via malware and to hold sensitive files about you (such as recordings of you made without your knowledge), and ask you to pay them in Bitcoin or they will release the files publicly. They often provide “evidence” of the breach, such as spoofing your own email address or providing you with a password that was leaked in a public data breach. Please be aware that these are rarely evidence of an actual compromise of your account. While it is good to report these emails and change any passwords provided in the scam email, they are not necessarily a cause for worry.
- Lottery or Prize Scams: These emails claim that you have won a large sum of money or a prize, often requiring you to provide personal information or pay a fee to claim it. Legitimate lotteries do not ask for payment to receive winnings. Treat such emails with scepticism and do not provide any personal information.
Reporting Suspicious Emails
If you receive an email that you wish to have investigated, you can take the following steps:
- Send the Email to phish@ucl.ac.uk: When you send an email to this address, the email will be scanned automatically and you will receive an automated response with the result. You can also click on the “Report Phishing” or “Report Junk” buttons (instructions shown here), which will provide you with the same automated response.
- Raise it Directly with ISG: If you believe that the classification given was wrong, or you still want a security analyst to directly review the email, you can raise a ticket with ISG with the email included, which can be done here.
Non-Malicious Emails
You may receive spam or junk emails which, whilst annoying, have no harmful links or documents within them. In these cases, you do not need to report them via Outlook – you can block the sender and safely ignore the email. If you are worried that the email may have been sent to multiple people in UCL, you can report it to ISG, where we can check whether it was sent to multiple addresses and, if it is a large enough campaign, request that the address be blocked university-wide.
Best Practices for Email Security
- Verify the Sender: Always check the sender’s email address carefully. Scammers often use addresses that are similar to legitimate ones but may have slight variations.
- Hover Over Links: Before clicking on any links, hover your mouse over them to see the actual URL. Ensure it matches the legitimate site. If the end site asks you to input any details, only do so if you have already ensured the email and the site are both genuine.
- Check with the Sender: If you were not expecting the email, check with the sender (via a different mode of communication, such as Teams) to verify if they sent the email.
- If in Doubt, Report: If you have any doubts, report the suspicious email via the methods provided.