Spam and Phishing emails

We often get unwanted messages called 'spam'. The University has a system to block spam, and suspected spam emails are not sent to your inbox, but are put in quarantine or your Junk folder.

What to do if you receive spam

You can manage your own quarantine and spam lists. This link allows you to block and approve senders, and also release messages. It also allows you to choose whether you receive notification of quarantine emails, and how often they are sent to you.

If you receive spam, please forward the e-mail message as an attachment (using the keyboard shortcut Ctrl + Alt + F) to spam@leeds.ac.uk

Spam

Managing quarantined emails

You can manage all your quarantined email messages at: https://quarantine.leeds.ac.uk/.

  • Login with your username and password.
  • Select the email you want by ticking the check box next to it. You can choose Deliver Message, which will approve emails individually.
  • Alternatively, you can choose Deliver & Approve Sender which will approve all future emails from that sender's address.

You may find that when you release a message, it will go into your Junk folder in Outlook. If this happens, you will need to approve the email message or sender again from within Outlook. This is because Microsoft have their own spam filters in addition to our quarantine service.

  • To do this, select the message in your Junk folder.
  • Choose the drop-down arrow from the Junk heading and select your desired option.

Junk settings Outlook 2013

In Outlook Web Access, you can drag the email from your Junk folder back into your Inbox. For more information click here.

Phishing Advice 

Sometimes you'll get an email that appears to come from your bank, the IT Service Desk or similar, but in fact it is trying to trick you into revealing important information such as your username and password, bank details etc. This is phishing.  

Read our advice on how to avoid getting caught by a phishing scam. If you want to report a phishing email or think you may have replied to one, please contact the IT Service Desk. Please also forward the e-mail (as an attachment, using the keyboard shortcut Ctrl + Alt + F) to spam@leeds.ac.uk

Links in University emails

Automatic emails from many University systems (such as SIPR and COSTA) do not contain hyperlinks to web pages which ask for your username and password. Instead, the links appear just as plain text. 

How does it work?

You may receive an email with a message like this:

'We suspect an unauthorised transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.'

Or

'During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information.'

The emails or pop-ups claim to be from a business or organisation that you might actually deal with - for example, the IT Service Desk, an internet service provider, a bank or an online payment service. The message may ask you to 'update,' 'validate,' or 'confirm' your password and/or account information, and some phishing emails threaten a dire consequence if you don't respond.

The messages direct you to a website that looks just like a legitimate organisation's site - but it isn't. It's a bogus site whose sole purpose is to trick you into giving away your personal information so the operators can steal your identity to access your data, run up bills or commit crimes in your name.

Neither the University nor any other reputable organisation will ever send you emails asking you to input, confirm or validate account and/or personal details.

Tips to avoid getting hooked by a phishing scam:

  • Even if an email requesting account information appears to have come from an official and/or trusted sender do not trust it;
  • don't reply to email or pop-up messages that ask for personal or financial information, and don't click on links in the message;
  • don't cut and paste a link from the message into your web browser - phishers can make links look like they go to one place, but they actually send you to a different site;
  • if you are concerned about your account, contact the organisation using a phone number you know to be genuine, or open a new internet browser window and type in the company's correct web address yourself;
  • don't email personal or financial information - email is not a secure way to send information;
  • review credit card and bank account statements as soon as you receive them to check for unauthorised charges;
  • be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them

If in doubt, contact the IT Service Desk

Related pages