Skip to main content

Fraudulent emails, spam, and phishing attacks.

Advice about how to spot online fraud and phishing emails and what to do.

Remember, no one within the University or elsewhere should ask you for your username and password, so if any email, text message, or phone caller asks for this information, it will be a scam.

If you have a security breach, or suspected breach on a University device, user account, or system, you must inform the Helpdesk immediately. 

Fraudulent emails, texts, calls, and messages:

How to spot a scam email, text, message or call

If you suspect you have received a fraudulent email, text, or message:

  • do not click on any links or attachments
  • do not reply, especially be wary of an 'unsubscribe' link. If you do reply, then the spammers know that your address is valid and you will receive more spam.
  • delete the email, text, or message from your inbox.

If you have inadvertently responded to a fraudulent message with your University account details, you must immediately contact the Helpdesk:
Telephone +44 (0)1707 284678 or ext 4678. (available 24/7)
Email: (Monday to Friday 08:00 to 17:00)

If we notice anything suspicious with your university account, we will promptly reset your password to protect your account.  If you do not have Multi-factor Authentication (MFA) enabled, your account will be disabled. You will need to contact our helpdesk to reinstate your account.

Remember, you can change your password anytime by going to


  • Quishing is a type of phishing attack that uses QR codes to trick people into visiting a malicious website or downloading a virus-filled document.
  • Quishing works by creating fake QR codes that mimic legitimate ones. Scammers then place these codes on flyers, labels, posters, or any other public space where people can scan them. Once the user scans the code, it takes them to a counterfeit website that looks like the real thing.
  • They can also be planted into emails as images or within attachments.

Email security at Herts

The University uses email security software (Mimecast) to provide you with greater protection against harmful emails and phishing attacks, keep more spam out of your inbox and help prevent data from getting into the wrong hands.

Greater protection against spam and junk email - Mimecast allows you to view and control your held messages providing both greater protection against spam and harmful emails whilst allowing you to stay in control of your email and ensure that genuine messages aren’t missed and are released to your inbox.

Incoming emails are scanned for viruses and spam to prevent harmful emails from being delivered to your University email account.  Any emails identified as potentially harmful or spam will be held and you will receive a daily email from with the subject ‘You have new held messages’ detailing any held messages with the option to release, permit or block each held email (see image below):

  • Release - delivers the held message to your inbox but will continue to hold future messages from the same sender
  • Permit - delivers the held message to your inbox and marks future messages from this sender as safe
  • Block – removes the message, adds the sender to your personal block list, and prevents any further emails from that address reaching your mailbox.


Please note that held messages will be deleted after 14 days if not released.

You can also log in to the Mimecast personal portal at to view your held emails and release them if necessary. Login with your UH username and password.  For more information see Mimecast's guide for managing held messages via the personal portal.

Image of login screen for Mimecast personal portal

Link protection - Mimecast protects the links that you click in emails by redirecting you through their secure servers to determine if a website is harmful. So, you may notice that some web links contained in your emails could display a different url address, which is normal. For example, a link to would become

Attachment protection - Mimecast scans attachments for known threats and harmful content before it is delivered to your inbox. If someone sends you an attachment with harmful content, then the email will be blocked completely. If the sender is legitimate, but the attachment is harmful, the email will be delivered without the attachment included or sometimes you may receive a PDF attachment which is safe to view when you expected a different file format.

Undeliverable emails - if you send an email from your email account that is undeliverable you will now receive a PostMaster email from Mimecast rather than exchange online. This is expected and you do not need to contact the Helpdesk.

If you receive notification messages from Mimecast alerting you to a blocked link, attachment or email.  Please follow the instructions and if you have any questions or if you think an email has been classified as spam by mistake or if a link or attachment has been blocked in error please contact the Helpdesk on 01707 284678 or email at

Using technology to protect your devices and user accounts

It is a requirement that your Herts University login account is protected with multi-factor authentication (MFA).
Find out more about MFA on your student login account and how to manage your settings and devices 

Smart devices

‘Smart devices’ are the everyday items that connect to the internet – like speakers, security cameras, or fitness trackers.   And just like your phone or laptop, if they are unprotected, smart devices can be hacked to put your data and privacy at risk.

Online gaming

An estimated 1.2 billion of us are regularly logging on, signing up, and playing online.

Contact Us

Helpdesk - Library and Computing Services

Library and Computing Services

Today - Open 24 Hours
Please refer to the LCS Service Status page for updates on service availability. Online and telephone support is available 08:00 to 18:00 Monday - Friday with telephone support only available outside of these times.