Thank you for taking part. You’ve just helped researchers test awareness – no harm was done.
💡 What just happened?
You clicked a link that was part of a university-approved phishing awareness study. The page you saw (timetable, Instagram login, password reset, etc.) was a realistic copy used only for training. No data was sent from your device and no real account was put at risk. Real phishers use similar-looking pages to steal passwords and personal data.
🚩 Red flags to look for next time
Urgency or fear – e.g. “Your account will be suspended”, “Confirm now”, “Act within 24 hours”.
Unexpected sender – address doesn’t match the organisation, or comes from a free email service.
Generic greeting – “Dear User” or “Dear Student” instead of your name.
Strange links – hover over links to see the real URL before clicking.
Spelling and grammar – many phishing emails contain mistakes.
Requests for passwords or personal details – legitimate services don’t ask for these by email.
URL bar – check the address. Is it really instagram.com, or something like instagram-login.xyz?
No padlock or “Not secure” – legitimate login pages use HTTPS (padlock icon).
You arrived via an email link – real Instagram/Microsoft/etc. don’t ask you to “log in again” from an email link.
Odd design or typos – clones often have small differences or errors.
When in doubt, open the real site yourself (type the URL or use a bookmark), then log in there.
Enable two-factor authentication (2FA) so stolen passwords are less useful.
Use a password manager – it won’t autofill on fake sites with the wrong URL.
📝 Quick quiz – test what you’ve learned
Please answer these two questions. Your responses are anonymous and will only be used to measure awareness.
If the quiz does not load, open it in a new tab: Quiz link
🛡️ What to do about real phishing
NCSC advice: If you receive a suspicious email, do not click links or open attachments. Report it to your IT team or use your institution’s “Report phishing” option. For more guidance, see NCSC – Spotting suspicious emails.