Sophisticated phishing campaign targets Universities

The IT Security team has been notified of a dangerous email phishing campaign that has impacted institutions in Scotland over the weekend.
There is no evidence that the University of Aberdeen is affected at this time, however we would ask you to remain vigilant.

What to look out for

  • The malicious email will appear to have come from someone you know or someone you have had an email conversation with.
  • The subject within the malicious email will match a subject that you have previously used or seen.
  • The body of the message simply contains a button labelled with ‘call to action’ text, similar to the examples given below:
    • Open Message

    • View Article

    • Display complete message

    • Display full message

    • Display message body

    • Display this message

    • Display trusted message

  • If you click the button, a malicious payload is triggered which will harvest your credentials and propagate the phishing campaign from your account.


What should you do?

If you receive an email like this, or are the recipient of a similar style of attack, please report it to us immediately by contacting the Service Desk or forwarding the email to

If you think you may have clicked a link in a similar email, please contact the Service Desk immediately.

For general information on how to spot phishing visit the Information Security resource on Toolkit:


About the phishing campaign

The attack style adopted by this campaign has several aliases including Pseudoderm, Blue Button, and RGB. Many of you will remember that the University was seriously impacted by a similar attack in early 2019.