Beware of phishing emails with attachments

There has recently been an increase in phishing emails sent to the University containing password-protected attachments.

Phishing emails are when someone disguises their identity in an email in order to trick you into giving out confidential information or opening a malicious file attachment or website.

Senders of phishing emails are using password-protected attachments (commonly using PDF or Office format files), as email security filters cannot scan the password-protected contents.

What to watch for

• Attachments requiring a password, especially if the password is in the same email
• Claims of invoices, payments, legal documents, or account issues
• Unexpected emails with messages asking you to do something urgently
• Suspicious sender addresses. For example, it attempts to impersonate a trusted organisation who wouldn’t normally email you or it comes from an organisation you don’t recognise and have never contacted
• Poor grammar/spelling

What you should do

• Do not open attachments or click on links from unknown or suspicious sources
• If you were expecting a password-protected file, verify the sender using a separate communication method. Do not use any contact details provided in the email
• Report suspicious emails using the 'Report Phishing' option in Outlook. Check out our how-to guide for reporting phishing

Always exercise caution and help protect our community.

More information on phishing is available in the portal news article 'How to spot phishing and report it'.

If in doubt, get it checked out! Email the information security team: infosec@solent.ac.uk if you have any queries.