With growth of digital services, and greatly increased online activity over the past 18 months we’ve grown so comfortable with using the internet and giving out personal details online, whether its to order an Uber, Deliveroo or do some online retail therapy – it’s easy to forget there are people out there who are up to no good. While the majority of sites and apps are legitimate, unfortunately digital scams are amongst the most prevalent types of crime in the UK, and we’ve been made aware of a number of scams that target students to defraud them out of money.
To make sure you and your personal data remains safe, we thought we’d refresh you with the do’s and don’ts of online safety.
Beware of being baited into a phishing scam
Phishing emails are one of the most common online scams. Phishing scams aim to trick you into handing over sensitive information or open attachments/web-links to malicious content and come in the form of emails, phone calls and text messages. Scammers will contact you, disguised as legitimate businesses, claiming you need to provide or confirm personal details. They may also attempt to obtain your IT account details.
How do I spot and avoid them?
- Check the sender address directly matches the official email address
- Watch out for poor grammar/spelling
- Be wary of threats demanding you take action immediately
- Don’t open attachments or links from a suspected scammer
- Report all phishing emails to IT Services
Emails from outside the University
IT services are also taking steps to help warn you against potential phishing emails. All emails sent to your University email account from outside of the University will come with a message warning you to take care. The message will appear at the top of the email and will look like this:
This applies to all University email accounts on Microsoft 365 (formerly known as Office 365), which is all students, and the majority of staff.
This will ensure that everyone is aware and cautious of emails coming from outside the University, making it easier to spot malicious emails claiming to be official University communication.
We will never call you and ask you to transfer money into a bank account. If you owe fees, you will receive an email from the Finance Office.
If you receive a suspicious email, do not click on any links and do not reply, but let IT Services know by sending the phishing email as an attachment to firstname.lastname@example.org. If you’re worried you’ve been scammed, phone the IT Support Centre immediately on 0161 306 5544 (available 24/7).
For phone calls:
Avoid calls from unknown numbers.
If you answer, take the caller’s name and tell them that you’ll call them back. A legitimate caller should have no problem with this, but only call a number that can be found on an official document, not the number they used to call you.
Search the number online. Lots of websites actually log spam numbers based on other people’s reports.
Don’t be pressured into giving any information immediately even if they say it’s urgent. Neither the Home Office or any police force or legitimate company will ask you to give out your bank details over the phone, transfer funds, or pay a fine. Any caller who asks you to do these things is trying to commit a fraud.
What you should do if you receive a dishonest or suspicious phone call:
- Refuse to share any personal information with them – do not give them information about your passport, your visa, your bank account or your address.
- Hang up the call and block the number.
- Report the call to the University. You can do this by speaking to a member of ResLife in your Halls, or someone working in Student Support. If you do not know who to speak to, email email@example.com. Letting us know means that we are better able to support you and that we can work with Greater Manchester Police to identify the people who are making the calls.
Avoid fake shopping websites and formjacking
The Internet is a great thing! And has been pretty invaluable over the past year. Nowadays you can pretty much get anything delivered straight to your door. However, you may be tricked into buying products from a fake website which doesn’t deliver what you purchased or provides you with counterfeit goods.
Another common scam is now formjacking – a new cyberthreat that steals credit card information. This can happen when a legitimate e-commerce website is hacked (without the owners knowing), allowing cybercriminals to redirect you to different URLs in the payment process that look similar but actually steal your information.
How do I spot and avoid fake websites?
- Always check the domain name. Fake websites may use the brand or a product name in their domain to trick you into believing it’s legitimate e.g. http://www.discountadidas.com
- If the prices seem too good to be true, then they probably are
- Look out for the returns info and policy. A legitimate website will give you details on how to return an item or delivery FAQ’s
- Read online reviews to find out other customers’ experience with the company
How to spot formjacking?
- As you enter the webpage to put in your card details double check the URL to make sure you are still on the exact same website you came from.
- The URL will often have only been changed very slightly – like adding or taking away a single letter – so check carefully.
Don’t be a money mule
Students can sometimes be tricked into money laundering, an illegal activity in which they are given money and then asked to transfer it from their bank account to another whilst gaining a small fee for doing so. You may be roped into doing this in a number of ways, for example being offered a job as a ‘Mystery Shopper’ or ‘Payment Processing Agent’. If you’re caught doing this, you could face a prison sentence of up to 10 years, as well as being put at risk of ID fraud even if you didn’t know that what you were doing was illegal!
How do I spot and avoid them?
- Avoid and decline requests from people who want you to transfer their money from your account
- If you’re offered a job that you may be suspicious about, talk to the Careers Service so that they can look through it for you
- Don’t be pressured in to signing up to anything you do not fully understand
- If you do feel pressured, you can always contact the police for help and advice
Don’t forget to visit the Student Support website for more info on scams and risks that you may be vulnerable to as a student. Visit our webpage for more information.
- Greater Manchester Police’s Action Fraud
- Students’ Union Advice Service
- Advice for Chinese students is available from the Embassy of the People’s Republic of China. Please note: this page gives information on a different but related fraud. Chinese students can also follow the CSSA social media channels.
- Advice for Indian students is available from the National Indian Students and Alumni Union (NISAU) and can be found on their social media channels.