How can I protect myself from phishing attacks?
There are a number of practical steps that can significantly reduce the risk of falling victim to a phishing attack:
Use a passkey or phishing-resistant multi-factor authentication (MFA) wherever possible. Unlike standard MFA methods such as one-time passcodes sent by text, passkeys and hardware security keys are cryptographically bound to the legitimate website and cannot be intercepted or replayed by attackers — even on convincing fake login pages. Where passkeys are not yet available, an authenticator app is preferable to SMS-based codes. The University supports Microsoft Authenticator for account sign-in; students are encouraged to register this as their primary MFA method.
Use a different, strong password for each account. A password manager can help generate and store these securely.
Be especially cautious during key periods such as the start of term, accommodation sign-up, and exam results periods, when phishing attempts targeting students typically increase.
Verify unexpected requests for payment or personal information by contacting the sender directly using official contact details — not those provided in the email.
Keep devices and software up to date to protect against malicious software that phishing links may attempt to install.
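The site binding that makes passkeys and hardware security keys phishing-resistant can be seen in the checks a website runs on each sign-in response. The Python below is an added example, not University code: the host names and challenge values are constructed placeholders, and the signature check is left out (in WebAuthn the signature covers both structures, so they cannot be altered afterwards).

```python
import base64
import hashlib
import json

# Constructed placeholders (assumptions, not real University hosts).
RP_ID = "login.example.edu"
EXPECTED_ORIGIN = "https://login.example.edu"


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def browser_client_data(origin, challenge):
    """Stand-in for the browser, which records the page's real origin itself."""
    return json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                       "origin": origin}).encode()


def authenticator_data(rp_id):
    """SHA-256(rpId) | flags (user present + verified) | signature counter."""
    return hashlib.sha256(rp_id.encode()).digest() + b"\x05" + (1).to_bytes(4, "big")


def verify_binding(client_data_json, auth_data, issued_challenge):
    """Return the reasons to reject a sign-in response; an empty list passes."""
    problems = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        problems.append("wrong ceremony type")
    if client.get("challenge") != b64url(issued_challenge):
        problems.append("challenge mismatch (stale or replayed response)")
    if client.get("origin") != EXPECTED_ORIGIN:
        problems.append("origin mismatch: " + str(client.get("origin")))
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        problems.append("rpIdHash mismatch (credential scoped to another site)")
    return problems


challenge = b"constructed-challenge-0001"
genuine = verify_binding(browser_client_data(EXPECTED_ORIGIN, challenge),
                         authenticator_data(RP_ID), challenge)
lookalike = verify_binding(browser_client_data("https://login.example-edu.test", challenge),
                           authenticator_data("login.example-edu.test"), challenge)
replayed = verify_binding(browser_client_data(EXPECTED_ORIGIN, b"constructed-challenge-0000"),
                          authenticator_data(RP_ID), challenge)

print("genuine:", genuine)
print("lookalike:", lookalike)
print("replayed:", replayed)
```

A one-time passcode carries no such origin or site identifier, which is why a code typed into a fake page still works when it is passed on to the real one.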
If you are unable to access Surrey Support, please contact us via our enquiry form.