There has been a significant increase in social engineering attacks against the University. This style of attack tries to extract information or funds from victims without needing to take over an IT account - the most common aim of most phishing email.
We’ve seen attackers impersonating staff members via email by creating a free account (such as Gmail) and setting the display name to match that of a University staff member. The initial tendency was to impersonate Senior Management; more recently however we have seen examples of spoofed emails impersonating staff of varying levels of seniority.
The attackers research the contacts of the person being impersonated, then send emails requesting help with an urgent task. Once they have established contact with you, they will typically attempt to conduct a scam involving the purchase of online shopping vouchers.
If you receive an email that appears to come from a colleague asking for urgent help, always ensure the sender address is correct. Emails originating outside the University will show this banner:
Tip: If a sender is trying to induce a sense of urgency, you should consider this a red flag for a potential scam.
For more information on spoofing:
- Read the Beware email spoofing scams news item we published earlier this year.
Cryptocurrency extortion email scams are also on the increase.
A malicious actor will send out extremely threatening emails stating they have compromised your devices and then attempt to extort a cryptocurrency payment. They will often include a genuine password that is known to you as well as other personal details. In some cases, the emails are spoofed to appear as if they have come from your own mailbox.
Such threats are almost always baseless. The information used for blackmailing is taken from publicly available data sets stolen during major data breaches affecting high profile websites over the years. Examples of compromised websites include LinkedIn and Dropbox.
You can check whether your email address has ever been compromised in such a breach using the free Have I Been Pwned service: https://haveibeenpwned.com/
If you are listed in any breaches, you should ensure that none of your online accounts or services use the same or similar password to the one listed in the message. In general, you should also never reuse passwords between different services. A password manager can assist with this.
For more information:
- Read more about extortion scams on the Malwarebytes website.
- See our article on Limiting the Impact of third-party data breaches.
Note: While rare in comparison to empty threats, genuine extortion is a possibility. If you have any reason to believe the sender of a similar message has genuinely compromised your accounts or devices, then you should liaise with the police as a matter of urgency.
Lastly, telephone scams are still a common issue. We are aware of a small number of cases in recent weeks where attackers successfully gained remote access to University devices under the guise of providing tech support.
If you think you have been the victim of a similar scam, please contact the IT Service Desk immediately at https://myit.abdn.ac.uk.
- Read our earlier news item for guidance on to Telephone scans and how to avoid them.
Find out more
- You’ll find more information on protecting yourself and the University from Cybercrime in Toolkit’s Information Security resource.
- The National Cyber Security Centre have released an excellent Cyber Security guide for Individuals and Families.
Author: Information Security Team, DDIS