Suggested audience: All Hwb users and stakeholders.
Phishing is the term generally used for e-mails that try to persuade people to give up sensitive information, primarily passwords.
Phishing e-mails normally pretend to be from a trusted source using one or more of the following tricks:
- Faking the sender’s e-mail address
- Copying images and styles from genuine e-mails
- Using urgent or ‘panic’ inducing messages
Phishing e-mails used to be easy to identify because they had spelling mistakes or grammatical errors. However, they are becoming increasingly sophisticated.
Phishing e-mails will almost certainly include an attachment or link that you are encouraged to access. An emerging strategy is to create a copy of the Office 365 login page so that an attacker can capture the username and password of unwary users.
Hwb anti-phishing measures
A number of measures have been taken in Hwb to try to make it easier to spot phishing e-mails and to reduce the number that get through. The measures are summarised below:
- E-mails sent from email@example.com will never directly include links to external websites; they will only contain links to pages on https://hwb.gov.wales or https://gov.wales.
- E-mails from firstname.lastname@example.org will only ever be sent directly to your @hwbcymru.net account or work e-mail account, and not to any other personal e-mail accounts you have. For example, if you receive an e-mail at home (e.g. to your personal Hotmail account) which looks like it is from Hwb, it will be a phishing e-mail. If you have any concerns regarding such e-mails, please contact the Hwb Service Desk – email@example.com.
- Hwb e-mail has been configured with a number of technical controls to minimise the number of phishing e-mails delivered to Hwb users. They include:
  - Office 365’s anti-phishing service – uses machine learning and detection algorithms to detect phishing e-mails.
  - DMARC – enables organisations to let other e-mail systems know what to do with e-mails that do not come from Hwb authorised senders.
  - Office 365 Safe Links – provides filtering to block access to known malicious websites. It should be noted that this may not be effective against all sites and therefore does not remove the need for individual vigilance!
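As an added illustration of the first measure above (not part of the original Hwb guidance and not Hwb's own code), this Python example lists every link in an HTML e-mail body that is not an https link to exactly hwb.gov.wales or gov.wales. The exact-host matching, the https requirement, the function names and the sample body are assumptions of the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hosts taken from the guidance above; exact-match only (an assumption of this example).
ALLOWED_HOSTS = {"hwb.gov.wales", "gov.wales"}


class _LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        # Collect href values from <a> and <area> tags.
        if tag in ("a", "area"):
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value.strip())


def link_is_allowed(url):
    """True only for https links whose host is exactly an allowed host."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False
    return parts.scheme == "https" and host in ALLOWED_HOSTS


def unexpected_links(html_body):
    """Return the links in an HTML body that break the Hwb link rule."""
    collector = _LinkCollector()
    collector.feed(html_body)
    collector.close()
    return [u for u in collector.links if not link_is_allowed(u)]


# Constructed sample body (not a real message); example.net is a reserved domain.
SAMPLE_BODY = """
<a href="https://hwb.gov.wales/support">Genuine support page</a>
<a href="HTTPS://GOV.WALES./education">Genuine, different case and trailing dot</a>
<a href="https://hwb.gov.wales.example.net/login">Allowed name used as a prefix</a>
<a href="https://hwb.gov.wales@example.net/login">Allowed name in the userinfo part</a>
<a href="http://hwb.gov.wales/login">Not https</a>
"""

if __name__ == "__main__":
    for link in unexpected_links(SAMPLE_BODY):
        print("unexpected link:", link)
```

The comparison is made on the parsed host name rather than on the link text, because a genuine name can appear at the start of a longer host name or before an `@` without being the site the link opens.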
How to avoid a phishing attack
- Only access Hwb from your browser Favourites or by typing the Hwb URL (https://hwb.gov.wales) into the browser address bar.
- If you receive an e-mail that is encouraging you to access a link or open an attachment, pause and consider whether you are expecting the e-mail and whether there are any tell-tale signs that it might not be genuine.
- If you suspect that an e-mail may not be genuine, follow these steps:
  - Log in to Hwb and navigate to the Outlook application in Office 365.
  - Click on the phishing e-mail (the e-mail itself, not any links or attachments within the e-mail).
  - Click on the dropdown arrow next to Reply all.
  - Click Mark as phishing.
Top three things to remember if you suspect a phishing e-mail:
- Do not open any file attached to a suspicious e-mail.
- Do not click on any links within a suspicious e-mail. If you have already clicked on the link, do not enter any personal information.
- Do not reply to a suspicious e-mail.
If you have already entered your personal details, please report this to the Hwb Service Desk as soon as possible as your Hwb account may have been compromised: firstname.lastname@example.org / 03000 25 25 25.