
Fraudulent emails, spam and phishing attacks. Staying safe online

Advice about how to spot online fraud and phishing emails and what to do.

Remember, no one within the University or elsewhere should ask you for your username and password, so if any email, text message, or phone caller asks for this information, it will be a scam.

If you have a security breach, or suspected breach on a University device, user account, or system, you must inform the Helpdesk immediately. 

Take a few moments to see what you can do to stay safe online.

Stop Fraud: My money, my info? I don't think so!



Cybersecurity is important because smartphones, computers, and the internet are now such a fundamental part of modern life that it's difficult to imagine how we'd function without them. From online banking and shopping to email and social media, it's more important than ever to take steps that can prevent cybercriminals from getting hold of our accounts, data, and devices.


And remember it's not just your data and money that is at risk.
It's also your identity, your reputation, your contacts, your time, your work, your devices and peace of mind.


Take Five is a national campaign that offers straightforward and impartial advice to help everyone protect themselves from preventable financial fraud. This includes email deception and phone-based scams as well as online fraud – particularly where criminals impersonate trusted organisations.

Find out more by going to the Take Five website.  Here you can find information on the latest scams, what to look out for and how to protect yourself.

Think it will never happen to you?  Take the 'test' and see how scam aware you really are: https://quiz.takefive-stopfraud.org.uk/

Email security at Herts

The University uses email security software (Mimecast) to provide you with greater protection against harmful emails and phishing attacks, keep more spam out of your inbox and help prevent data from getting into the wrong hands.

Greater protection against spam and junk email - Mimecast lets you view and control your held messages. This gives greater protection against spam and harmful emails while keeping you in control of your email, so that genuine messages aren’t missed and can be released to your inbox.

Incoming emails are scanned for viruses and spam to prevent harmful emails from being delivered to your University @herts.ac.uk email account. Any emails identified as potentially harmful or spam will be held, and you will receive a daily email from postmaster@herts.ac.uk with the subject ‘You have new held messages’. This email lists any held messages, with the option to release, permit or block each one:

  • Release - delivers the held message to your inbox but will continue to hold future messages from the same sender
  • Permit - delivers the held message to your inbox and marks future messages from this sender as safe
  • Block – removes the message, adds the sender to your personal block list and prevents any further emails from that address reaching your mailbox.


 

Please note that held messages will be deleted after 14 days if not released.

You can also log in to the Mimecast personal portal at https://go.herts.ac.uk/email-security-portal to view your held emails and release them if necessary. Log in with your UH username (username@herts.ac.uk) and password. For more information see Mimecast's guide for managing held messages via the personal portal.

Link protection - Mimecast protects the links that you click in emails by redirecting you through their secure servers to determine if a website is harmful. As a result, some web links in your emails may display a different URL, which is normal. For example, a link to https://bbc.com would become https://protect-eu.mimecast.com/s253462825?domain=bbc.com.

Attachment protection - Mimecast scans attachments for known threats and harmful content before the email is delivered to your inbox. If someone sends you an attachment with harmful content, then the email will be blocked completely. If the sender is legitimate, but the attachment is harmful, the email will be delivered without the attachment included, or sometimes you may receive a PDF attachment which is safe to view when you expected a different file format.

Undeliverable emails - if you send an email from your @herts.ac.uk email account that is undeliverable, you will now receive a PostMaster email from Mimecast rather than from Exchange Online. This is expected and you do not need to contact the Helpdesk.

If you receive notification messages from Mimecast alerting you to a blocked link, attachment or email, please follow the instructions. If you have any questions, or if you think an email has been classified as spam by mistake or a link or attachment has been blocked in error, please contact the Helpdesk on 01707 284678 or email helpdesk@herts.ac.uk.

Typical signs of fraudulent email, text, or message:

  • a familiar-looking sender address (such as an IT department, bank, or colleague) where you are asked to reply or click on a link to provide further information, such as your username and/or password
  • it asks you to act urgently
  • you are addressed as 'dear friend' rather than by name
  • it may appear to come from someone you know; this is because their email has been infected by a computer virus
  • the name in front of the email may be familiar, but the reply email address is from an unknown source
  • bad spelling or grammar, and poor-quality images and logos
  • links or attachments to click on
  • references to organisations you do not have a connection with
  • refers to a previous message you don't remember seeing
  • it may state you are over quota, or your account is due to expire, or offer to reduce your spam.
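
Several of the signs in this list can be checked mechanically from a message's headers and wording. The following triage script is an added example, not part of the original page or any University tooling; the sample message, its domains and the phrase lists are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); names and domains are made up.
SAMPLE = """\
From: "IT Helpdesk" <helpdesk@uni.example>
Reply-To: it.support@mail-quota.example
Subject: Your mailbox is over quota - act now

Dear friend,
Your account is due to expire. Click http://quota.example/renew urgently
and confirm your username and password.
"""

# Each pattern mirrors one sign from the list above; phrase lists are illustrative.
PATTERNS = [
    (re.compile(r"\b(urgent(ly)?|immediately|act now)\b", re.I),
     "asks you to act urgently"),
    (re.compile(r"^\s*dear (friend|customer|user)\b", re.I | re.M),
     "generic greeting instead of your name"),
    (re.compile(r"\b(username|password)\b", re.I),
     "asks for username or password"),
    (re.compile(r"\b(over quota|due to expire|reduce your spam)\b", re.I),
     "quota, expiry or spam-reduction claim"),
    (re.compile(r"https?://", re.I), "contains a link"),
]

def domain(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def warning_signs(raw):
    """List the warning signs found in a raw plain-text email."""
    msg = message_from_string(raw)
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    signs = []
    # Familiar sender name, but replies go to a different domain.
    reply_to = domain(msg.get("Reply-To"))
    if reply_to and reply_to != domain(msg.get("From")):
        signs.append("reply address differs from sender")
    signs += [label for pattern, label in PATTERNS if pattern.search(text)]
    return signs

if __name__ == "__main__":
    for sign in warning_signs(SAMPLE):
        print("-", sign)
```

A message that triggers none of these checks is not thereby safe; the script only mirrors the list above and does not replace the mail filter or your own judgement.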

How to spot a Facebook scam: https://www.moneyadviceservice.org.uk/blog/how-to-spot-and-avoid-facebook-scams

If you suspect you have received a fraudulent email, text, or message:

  • do not click on any links or attachments
  • do not reply, and be especially wary of any 'unsubscribe' link. If you do reply, the spammers know that your address is valid and you will receive more spam.
  • delete the email, text, or message from your inbox.

If you have inadvertently responded to a fraudulent message with your University account details, you must immediately contact the Helpdesk:
Telephone +44 (0)1707 284678 or ext 4678. (available 24/7)
Email: helpdesk@herts.ac.uk (Monday to Friday 08:00 to 17:00)

Remember, you can change your password anytime by going to https://www.pss.herts.ac.uk

Example phone scam:

The scam starts when you receive a very convincing phone call supposedly from your mobile phone provider and offering you a generous discount based on your good payment history. 

  • In order to accept the deal, they ask you to text back a code that you are about to receive in a text message. 
  • See the example below to see just how convincing their messaging is; they are even warning you to beware of scammers!
  • The scammers are actually triggering a “reset password” request on your mobile phone account, and they will use the passcode to take control of your mobile phone account.
  • If you believe you have been scammed in this way you should contact your mobile phone provider immediately. 

Real fraudulent text messages received:
*SECURITY WARNING*
The one-time code you requested will arrive shortly. DO NOT give this code to anyone. If someone's calling you and asking for a code, they DO NOT work for O2. Call us on 202 if you suspect fraud so we can protect your account.

Here is your code: 607901. Please enter this code to retrieve your O2 account. If you did not authorise this, please contact O2

Information and tips on how to stay safe online.

Protect your computer and your user accounts

  • Set up multifactor authentication (MFA) on your University login account.  
  • Secure your Wi-Fi; use eduroam when on campus.  Think twice before connecting to a free public Wi-Fi!
  • Do not open emails from people you don't know.
  • Install anti-virus/anti-spyware software and a firewall.
  • Keep your computer software, web browser, and security up-to-date.
  • Update your device operating system (OS)
  • If you wish to access UH systems from a mobile phone or tablet, please ensure your device has the latest operating system patch installed.
  • You should not attempt to connect to UH systems from a device no longer supported by its manufacturer.
  • Don't use obvious passwords e.g. birthdays. Use a mixture of numbers, symbols, and upper and lower case letters and use different passwords for different sites. Guidance for setting up your University Password
  • Be mindful of which website URLs you visit.
  • Never open attachments or links in spam emails or untrusted websites.
Using an older version of macOS?  Please update to at least macOS 10.14 to continue receiving Microsoft 365 updates from November 2020, including security updates.

Social networking

  • Keep your personal information hidden.
  • Set security levels so that only your friends can view your profile.
  • If someone sends you an abusive message, save it and contact the forum administrator.
  • Don't arrange to meet someone that you have only met online - some people might not be who they say they are.
  • If you or a friend have experienced online bullying or harassment, please visit ask.herts.ac.uk/bullying-and-harassment for information and support.

Shop securely online

Make sure your bank and credit card provider has ALL your correct contact info. That includes your mobile number, landline number, and email address. 

  • They will need this to alert you if they detect suspicious activity and to ask you to confirm your identity when making some purchases. 
  • Remember, your bank or card firm will NEVER ask for your PIN, password, date of birth, address or other personal details to verify a payment under this system, so if you're asked for anything other than a verification code it's likely a scam.

Avoid scam websites and purchase items securely:

  • Choose carefully where you shop
  • Use a credit card for online payments (paying by bank transfer provides you with less protection)
  • Only provide enough details to complete checkout
  • Keep your accounts secure
  • Watch out for suspicious emails, calls, and text messages

Find out more: https://www.ncsc.gov.uk/guidance/shopping-online-securely

Beware of delivery scams and phishing emails that have been circulating, pretending to be from DPD and Royal Mail. These emails claim that you have missed a delivery and ask you to reschedule for a small fee, thereby obtaining your bank details.

  • Look for "https://" and the padlock image to show that the site is secure.
  • Use a secure payment option such as PayPal or a dedicated pre-pay credit card for all online purchases.
  • Do not give out personal information unless secure.
  • Beware of sponsored links at the top or side of search pages. These are not always reliable and can be used by criminals.
  • Keep an eye on your bank statement for unusual transactions.
  • Remember, banks and financial institutions do not send emails asking you to verify your bank details by clicking on a link.  Always check with your bank.
  • Contact companies directly about suspicious requests  - don't reply to the request, or click on any links. 

Social media scams - not everyone is who you think they are

We have recently been made aware of students being targeted by fake Facebook accounts pretending to be a member of staff.  Be extra vigilant and if in doubt check it out.
How to spot and avoid Facebook scams

Phone scams

Phone scams are a common way for criminals to con people out of money.
If you receive a phone call offering help to remove viruses and malware on your computer, hang up immediately (this is a common scam).

Scammers now have the technology to mimic an official telephone number so it comes up on your caller ID display, so it’s likely the caller or text will be claiming to be an organisation such as your bank or broadband provider.

At some point, the caller will attempt to get your personal and bank details from you in order to perform a transaction of some kind, such as a refund for poor connection.

  • Don't reveal personal details - Never give out personal or financial information (such as your bank account details or your PIN) over the phone, even if the caller claims to be from your bank or broadband company. 
  • Hang up - If you feel suspicious or intimidated at all, or the caller talks over you without giving you a chance to speak, end the call. It may feel rude to hang up on someone, but you have the right not to be pressurised into anything. Never give anyone who calls you remote access to your PC, no matter how much they persist – end the call immediately.
  • Ring the organisation - If you're unsure whether the caller is genuine, you can always ring the company or bank they claim to be from. Make sure you find the number yourself and don’t use the one provided by the caller. 
  • Don't be rushed - Scammers will try to rush you into providing your personal details. They may say they have a time-limited offer or claim your bank account is at risk if you don't give them the information they need right away.
  • Register with the Telephone Preference Service – it's free and it allows you to opt-out of any unsolicited live telesales calls. Although it may not block scammers, this should reduce the number of unwanted, cold calls you receive.

CyberAware campaign 

Be #CyberAware - six ways to protect your online accounts and devices:

  1. Use a strong and separate password for your email
  2. Create strong passwords using 3 random words
  3. Save your passwords in your browser
  4. Turn on two-factor authentication (2FA)
  5. Update your devices and apps
  6. Back up your data

Smart devices

‘Smart devices’ are the everyday items that connect to the internet – like speakers, security cameras, or fitness trackers.   And just like your phone or laptop, if they are unprotected, smart devices can be hacked to put your data and privacy at risk.

Online gaming

An estimated 1.2 billion of us are regularly logging on, signing up, and playing online.

In the news?

Be vigilant of criminals trying to use the latest news to trick you into revealing personal or financial information.  

  • From the collapse of retail chains to COVID19, Brexit, and HMRC Self-Assessment, criminals will often use the publicity around these sorts of events as a chance to pose as a genuine organisation, including banks, police officers, and retailers.

Report and support

Don't feel embarrassed about reporting a scam or attack on your data – scammers are clever and scams can happen to anyone.
Reporting a scam helps track down and stop scammers. This prevents other people from being scammed.

Victims of personal cyber-attacks, in whatever form,  may be left feeling vulnerable, angry, or anxious and this can have a serious impact on mental wellbeing.  We encourage all students to seek support in such circumstances. Get support from Student Wellbeing

Further information 

There is lots of help and information to help develop your awareness and give you the skills to protect yourself. Try these for starters:

The National Cyber Security Centre has produced a number of printable infographics to support individuals in protecting personal information and devices. 

Contact Us

Helpdesk - Library and Computing Services

Please refer to the LCS Service Status page for updates on service availability: https://status.herts.ac.uk. Online and telephone support is available 08:00 to 17:00 Monday - Friday, with telephone support only available outside of these times.