We take your security and privacy very seriously, so have put together some guidance on protecting yourself and your personal information online.

What to do if you receive a suspicious email

If you receive an email claiming to be from UCAS and you're not sure that it is genuine, please send it to reportabuse@ucas.ac.uk so it can be investigated. We’ll then let you know whether or not the email is genuine. Until we confirm it is genuine, do not:

  • reply to the email
  • click any links in it
  • open any attachments

If it is not a genuine email, we can warn other people not to respond to it.

The Student Loans Company has produced guidance on how to identify a phishing email, and this helpful video which explains phishing in more detail.

What we will never ask you via email

  • UCAS will never ask you for your bank or sign in details via email – if you receive an email requesting this information claiming to be from UCAS or a university, forward the email to reportabuse@ucas.ac.uk.
  • If you are unsure whether an email is genuine, do not click any links in it, open any attachments, or reply with any personal information.
  • If you have any concerns about an email you have received claiming to be from UCAS, send it to reportabuse@ucas.ac.uk.

How do we keep you and your information safe?

UCAS follows international security standards

UCAS is accredited to the international security standard ISO:27001, and to support this, we regularly check and audit how our security is working and continually improve the measures we take to keep the information we hold safe.

How to report concerns

Due to the number of high profile attacks and reports of scams directed at students, we have created an email address specifically for reporting any such concerns. If you have received an email and you don’t think it is from UCAS, please send it to reportabuse@ucas.ac.uk and we will investigate it for you. We’ll send you an email acknowledgement, letting you know the outcome of our investigation, and providing help and advice.

Contacting UCAS over the phone

We take your privacy very seriously, so when phoning UCAS to discuss your application, you will first be asked a number of security questions before we can share details of your account and application with you. If you’ve given a parent or carer nominated access to talk to us about your application on your behalf, we will ask them security questions too.

Privacy at UCAS

We’ve published information on ucas.com about how we use personal information, along with detailed information about uses of personal information provided when someone submits an application through one of our higher education admissions services.


Our website keeps your personal data secure by encrypting it, so only we can understand it. Click the secure certificate icon (padlock) in the address bar on our website to expand it for further information.


If you have made a payment by credit or debit card to UCAS, we do not keep your card details.

Find out more

The Student Loans Company has a wealth of information and advice on their website about staying safe online, including how set to set strong passwords, website security, and social networking.

Action Fraud are the national fraud and cyber crime reporting centre, and provide support and prevention information.

Get Safe Online provide information on protecting your computer, smartphone, and tablets when shopping, banking, and using social networks.

Webutation is an open community which can test web addressed against spyware, spam, and scams, providing information on the safety of a website.

The Metropolitan Police have developed resources for fighting fraud and cybercrime.