Phishing And Spam

Spam and Junk Emails

Spam or junk email is unsolicited or unwanted email which in most cases:

  • Have poor spelling and grammar
  • Ask or demand that you forward the email to others
  • Advertise a product or service that is normally difficult to acquire, usually an offer too good to be true

The best way to deal with spam is to delete it yourself, or set filters to identify and delete spam using your email software such as Outlook.

Tips to reduce spam or junk emails

  • Never buy any product or service advertised in a spam email
  • Never click on a link in a spam email even when it says it's the only way to unsubscribe. Clicking on the link confirms your email address to the sender and results in you receiving more spam
  • Never email personal information such as credit/debit card, passwords, usernames, mother's maiden name etc
  • Never reply to a spam email because by doing so you confirm your email address and are likely to get more spam or junk email

International students on visas being targeted by fraud

We are aware that a number of students across UK universities have been targeted by fraudsters and have lost large sums of money. 

One very serious scam is targeting Chinese students directly– it can involve WeChat and mobile contacts. Students are contacted on their mobile phone by people claiming to represent their bank, embassy, police or other reputable agency and are told they owe funds immediately or that their family owe money.

  • Please remember that the Home Office or UKVI will never a call an international student to request personal details or payments.
  • Do not make payments or give personal information from people making calls like this.

If you think you may have been targeted or have any concerns please contact or call 020 7040 7040, or University Security if outside 0900-1700, 020 7040 3172.

Further advice on frauds and scams is available on the UKCISA website and the Government website.


Phishing is internet fraud sent through email. These emails try to steal personal data such as credit/debit card details, passwords, usernames and other information used to access your accounts. Common examples of phishing emails pretend to be companies such as online banks, eBay and PayPal. These emails ask you to click a link in the email which takes you to a website to type your username and password. Many times the company logos used in phishing emails look genuine which makes it difficult to determine if it's from a fraudulent source.

No credible bank or company will ever ask you to enter your personal information by replying to an email, or by clicking on a link in an email which directs you to a website.

City will never ask for your password or personal details either by email or by phone. 

Phishing emails usually:

  • Ask you to make a donation
  • Have poor spelling and grammar
  • Offer something that is too good to be true
  • Ask you to enter personal information such as a password, username or PIN
  • Threaten that your account will be closed if you don't respond within a given period e.g. 24 hours
  • Do not know you therefore they send a generic greeting 'Dear Bank Customer' or 'Dear Email User'
  • Ask you to open an attachment in the email which most times contain a virus that steals your information
  • Want you to click on a link in the email, it looks genuine but it's not. Hover on the link and it will show you a suspicious web address which is different from the genuine website used by the organisation
  • Contain professional language to make the email sound genuine e.g. 'we are currently updating our customer database ...'

Tips to reduce or avoid receiving phishing emails

  • Never respond to emails asking for personal financial information
  • Never fill out forms that ask for personal information through email
  • Do not click a link in an email or instant message if you suspect it is not genuine
  • Make sure your internet browser is updated regularly and security patches are applied
  • Do not install software, if you are unsure of its origin, and do not run executable programs received via email
  • Keep in mind that fraudsters can ‘spoof’ an email address to make it look like one used by someone you trust
  • Pay attention to the link, it may look genuine but hover (do not click) on it and you will see the fraudulent website which may have additional  letters, numbers, or symbols which is different from the genuine website of the organisation
  • If you are unsure, you can get in touch with the IT Service Desk, and we will check the source of the communication received

If you have given away your password or your account has been compromised

1. Change your password immediately

2. Sign out or close all pages and websites you have open

3. Change passwords anywhere else you use the same password

4. Contact the IT Service Desk

5. Inform all service providers that may be affected e.g. bank etc

6. Report phishing websites using your web browser or service provider

7. Report all phishing emails to the organisations they are pretending to be

If you are ever in doubt regarding an email’s validity you can contact the IT Service Desk using the details below, and a member of our staff will be able to advise you if the message is genuine.

Telephone support:

Call our friendly and supportive IT Service Desk team

  • Phone lines are open 24 hours a day, 365 days a year
  • Call us on 0207 040 8181 or
  • Extension 8181

Face to face support:

We offer face to face IT support and expert advice to all students at City, University of London. You can obtain basic technical support and assistance including:

  • Problems using software and other University IT Services
  • Removing viruses and malware
  • Wireless set up on laptop and mobile devices
  • Laptop performance issues
  • Password reset information

Our opening hours are between 8am to 8pm, Monday to Friday at the following locations:

  • Northampton Square, Drysdale Building, Room E101
  • Northampton Square, Library, 2nd floor
  • Bayes Business School, Library, 1st floor