Skip to main content

Fraudulent emails, spam, and phishing attacks.

Advice about how to spot online fraud and phishing emails and what to do.

Remember, no one within the University or elsewhere should ask you for your username and password, so if any email, text message, or phone caller asks for this information, it will be a scam.

If you have a security breach, or suspected breach on a University device, user account, or system, you must inform the Helpdesk immediately. 

Latest scams to be aware of:

Text scam

We have been alerted to a recent increase in reports of a common text scam targeting students to trick them into giving away financial information.

  • Text messages are sent to students referencing unusual activity on their account advising them to expect a call from the University’s Finance team.
  • Students then receive a telephone call from a private number claiming to be from the University’s Finance team and asking them for details about their bank accounts.
  • These messages have NOT been sent by the University's Finance team and you should not proceed with the call.
  • Cyber criminals are clever and can be very convincing using messaging designed to look like they have come from the University to trick you into thinking they are legitimate and into revealing personal and or financial information. See advice on how to spot a scam email, text, message or call.
  • Please be vigilant of suspicious emails, texts and telephone calls and NEVER give out any personal information or bank details to random callers.
  • If you think a scammer has got hold of your bank details, please contact your bank straight away to make them aware and change passwords on your accounts. The sooner you report it the quicker any damage can be limited. 
  • Do be careful about what information you share online – especially your date of birth or any information that a bank might use to verify accounts or lost passwords. Your phone numbers, home address and pictures of your home, workplace or education setting are valuable material for scammers.

Victims of personal cyber-attacks, in whatever form, may be left feeling vulnerable, angry, or anxious and this can have a serious impact on mental wellbeing.  We encourage all students to seek support in such circumstances. Get support from Student Wellbeing  and/or the and/or the Student Wellbeing 24-hour helpline .

For more information about staying safe on line please visit AskHerts: Staying Safe online and cyber security

Yearbook scam

Email scam targeting students by asking them to buy a yearbook.

  • The sender is appearing as and the email subject as ‘Complete Your Yearbook account.’
  • The email then asks you to fill in a form with personal details including your name, mobile number, personal and university email address, profile picture and the degree you have achieved. 
  • The form requires you to pay either a £5 or £10 fee, which the scammers then use to set up recurring payments from your account. 
  • If you have received this email do not click on any links in it or enter your information in the form, instead just delete the email.
  • University of Hertfordshire DOES NOT produce yearbooks, so if you are student with us and receive a yearbook message this is  very likey a SCAM

Fraudulent emails, texts, calls, and messages 


Email security at Herts 

Using technology to protect your devices and user accounts 

Smart devices 

Online gaming 

Reporting scams and accessing support

Fraudulent emails, texts, calls, and messages:

How to spot a scam email, text, message or call

If you suspect you have received a fraudulent email, text, or message:

  • do not click on any links or attachments
  • do not reply, especially be wary of an 'unsubscribe' link. If you do reply, then the spammers know that your address is valid and you will receive more spam.
  • delete the email, text, or message from your inbox.

If you have inadvertently responded to a fraudulent message with your University account details, you must immediately contact the Helpdesk:
Telephone +44 (0)1707 284678 or ext 4678. (available 24/7)
Email: (Monday to Friday 08:00 to 17:00)

If we notice anything suspicious with your university account, we will promptly reset your password to protect your account.  If you do not have Multi-factor Authentication (MFA) enabled, your account will be disabled. You will need to contact our helpdesk to reinstate your account.

Remember, you can change your password anytime by going to


QR code link

  • Quishing is a type of phishing attack that uses QR codes to trick people into visiting a malicious website or downloading a virus-filled document.
  • Quishing works by creating fake QR codes that mimic legitimate ones. Scammers then place these codes on flyers, labels, posters, or any other public space where people can scan them. Once the user scans the code, it takes them to a counterfeit website that looks like the real thing.
  • They can also be planted into emails as images or within attachments.

Email security at Herts

The University uses email security software (Mimecast) to provide you with greater protection against harmful emails and phishing attacks, keep more spam out of your inbox and help prevent data from getting into the wrong hands.

Greater protection against spam and junk email - Mimecast allows you to view and control your held messages providing both greater protection against spam and harmful emails whilst allowing you to stay in control of your email and ensure that genuine messages aren’t missed and are released to your inbox.

Incoming emails are scanned for viruses and spam to prevent harmful emails from being delivered to your University email account.  Any emails identified as potentially harmful or spam will be held and you will receive a daily email from with the subject ‘You have new held messages’ detailing any held messages with the option to release, permit or block each held email (see image below):

  • Release - delivers the held message to your inbox but will continue to hold future messages from the same sender
  • Permit - delivers the held message to your inbox and marks future messages from this sender as safe
  • Block – removes the message, adds the sender to your personal block list, and prevents any further emails from that address reaching your mailbox.


Please note that held messages will be deleted after 14 days if not released.

You can also log in to the Mimecast personal portal at to view your held emails and release them if necessary. Login with your UH username and password.  For more information see Mimecast's guide for managing held messages via the personal portal.

Image of login screen for Mimecast personal portal

Link protection - Mimecast protects the links that you click in emails by redirecting you through their secure servers to determine if a website is harmful. So, you may notice that some web links contained in your emails could display a different url address, which is normal. For example, a link to would become

Attachment protection - Mimecast scans attachments for known threats and harmful content before it is delivered to your inbox. If someone sends you an attachment with harmful content, then the email will be blocked completely. If the sender is legitimate, but the attachment is harmful, the email will be delivered without the attachment included or sometimes you may receive a PDF attachment which is safe to view when you expected a different file format.

Undeliverable emails - if you send an email from your email account that is undeliverable you will now receive a PostMaster email from Mimecast rather than exchange online. This is expected and you do not need to contact the Helpdesk.

If you receive notification messages from Mimecast alerting you to a blocked link, attachment or email.  Please follow the instructions and if you have any questions or if you think an email has been classified as spam by mistake or if a link or attachment has been blocked in error please contact the Helpdesk on 01707 284678 or email at

Using technology to protect your devices and user accounts

It is a requirement that your Herts University login account is protected with multi-factor authentication (MFA).
Find out more about MFA on your student login account and how to manage your settings and devices 

Smart devices

‘Smart devices’ are the everyday items that connect to the internet – like speakers, security cameras, or fitness trackers.   And just like your phone or laptop, if they are unprotected, smart devices can be hacked to put your data and privacy at risk.

Online gaming

An estimated 1.2 billion of us are regularly logging on, signing up, and playing online.

Contact Us

Helpdesk - Library and Computing Services

Library and Computing Services

Today - Open 24 Hours
Please refer to the LCS Service Status page for updates on service availability. Online and telephone support is available 08:00 to 18:00 Monday - Friday with telephone support only available outside of these times.