Today (Tuesday 26 September) we were made aware of an email scam attempting to gain personal details from students.
The phishing attack comes in the form of an email claiming to be from our Finance Department, informing recipients they have been awarded a grant. The emails are actually originating from compromised student addresses at other universities.
Readers are then guided to a fake, university-branded webpage which asks for personal information including date of birth, bank details and phone passcodes.
Please be extra vigilant with regards to suspicious emails, and remember to check for the telltale signs of a phishing attempt.
Check the sender’s address. Often a dummy display name will be given in phishing emails. Hover over the ‘from address’ to check it is coming from an authentic source.
Check attachments and links. Phishing emails encourage you to proceed to a given webpage or open attachments which contain malware. Hover over hyperlinked text to check it is taking you to a safe place.
Identify urgent or threatening language. Scammers often try to pressure you into taking action quickly. Consider the tone of the email and whether this is the kind of language you would expect from the source.
Look for personalisation. Check for signs that the email has been directed specifically to you. Phishing emails are usually sent to thousands of recipients, so check to see the email you are receiving is not a blanket mailout.
If you think you might have received a phishing email please don’t hesitate to contact IT Support. Be particularly cautious of emails with the following header:
From: University of Xxxx <firstname.lastname@example.org>
Date: 22 September 2017 at 13:38:24 BST