Skip to content
MySurreyHelp

What is phishing and how does it work?

Phishing is a type of cyber attack in which criminals send fraudulent emails designed to trick recipients into revealing sensitive information, transferring money, or installing malicious software on their device.

Attackers often impersonate trusted organisations — such as the University, HMRC, your bank, UCAS, or the Student Loans Company — and create a convincing sense of urgency to pressure people into acting without thinking. Common phishing scenarios include:

  • Fake accommodation invoices or payment requests.

  • Fraudulent council tax exemption forms requesting bank details.

  • Fake bursary or emergency grant offers requiring financial information.

  • Impersonation of IT Services warning that an account will be suspended.

Phishing emails have become increasingly sophisticated and can be difficult to detect. If something feels wrong about an email — even slightly — trust your instincts and report it.

Need more help?
Contact us via Surrey Support
Need immediate support?
Find out how

If you are unable to access Surrey Support, please contact us via our enquiry form.

Related articles

What should I do if I receive a phishing email?
What should I do if I have responded to or clicked on a phishing email?
Which types of emails should I report for phishing?