Fraudsters are sending out a high number of phishing emails to university email addresses, claiming to be from their own HR department. The sender addresses are either spoofed or, in some cases, the emails are sent from compromised university email accounts.
The email claims that the recipient is entitled to a pay rise from their department and asks them to click on a link to claim the pay rise.
This link then takes you to a spoofed university website telling you to enter your personal details (including university login details and financial information). These financial details can then be used by criminals, and the login details are usually passed around and sold for future fraud campaigns.
It is advisable that all universities prompt all staff and students to change any password associated with their university email/IT accounts. Due to potential data breaches, it is recommended that universities discuss with their IT departments issuing a mandatory password reset for all users.
Please also consider the following actions:
- Don’t click on links or open any attachments you receive in unsolicited emails or SMS messages. Remember that fraudsters can ‘spoof’ an email address to make it look like one used by someone you trust. If you are unsure, check the email header to identify the true source of communication. Information on how to locate email headers can be found at https://mxtoolbox.com/Public/Content/EmailHeaders/
- Use strong passwords which include a mixture of letters, numbers and special characters, and include both upper and lower case characters. Furthermore, it is encouraged that random words are used as opposed to passwords with personal meanings (e.g. children’s names).
- Always install software updates as soon as they become available. Whether you are updating the operating system or an application, the update will often include fixes for critical security vulnerabilities.
- If you think your bank details have been compromised, you should immediately contact your bank.
- If you have been affected by this, or any other fraud, report it to Action Fraud by calling 0300 123 2040, or visiting www.actionfraud.police.uk.
Thanks to Gwent Now