You may have noticed an increased number of spam or phishing emails over the last few days. Please be vigilant!
We have seen fake emails asking you to sign documents, check on parcel deliveries, view invoice reports, or open web links. All are designed to make you reveal your personal or University username and password details.
Periodically, spammers target large institutions and we see spikes in the amount of fake email traffic. Below is guidance on how to avoid being caught, and also information about what we do to tackle these attacks, and what the risks are to you and the University.
What can you do to avoid being caught out?
- When in doubt, throw it out! If an email doesn’t feel right, it probably isn’t.
- Fraudsters use compromised University accounts to send emails, so just because an email appears to come from a colleague or someone in your contact list doesn’t mean it’s genuine.
- If you think an email might be important, contact the source - but not by replying to the email or using contact details contained in it. Instead, look for contact details online, independently.
- Never click on links or open attachments if you are in any doubt about the authenticity of an email; doing so is enough to compromise your username and password.
- Never reveal sensitive information such as bank account or other personal details.
- Review our Toolkit guide about how to spot a phishing email:
And lastly, please remember - the University will never ask you for your password.
What are the risks to you and the University?
If a University IT account is compromised because someone inadvertently reveals their username and password, that account might then be used to send spam email to your colleagues and contacts. This can make an otherwise obvious phishing attempt seem more authentic and make it more likely that the recipient clicks on links or attachments.
Opening links and attachments also exposes the University to potential malware and virus threats.
What is the University doing about this?
Our system tools automatically detect and reject huge amounts of fake email every day so the vast majority are discarded before they reach your Inbox.
However, detecting fake emails remains an inexact science, and spammers exploit the ability to quickly send mass quantities of email hoping that some will get through and catch you out.
Thank you for your vigilance, and thank you to those who spotted these as fakes, and reported them to the IT Service Desk.