Rise in malicious emails received by staff


[12 September 2018]

Over the past week, the University has seen an increase in the number of malicious emails delivered to staff inboxes. The message usually references an outstanding invoice, contains an attachment and often appears to be from a University member of staff.

A message appearing to be from a member of staff does not necessarily mean that the staff member's computer is infected - their details may have been obtained via the original infection, a practise called 'spoofing'. We advise any recipient of these messages or a 'spoofed' sender to run a Malwarebyte scan on their PC (University or personally owned). Find instructions on running a Malwarebytes scan.

The malicious messages seem to be gaining traction using Sympa mailing lists and we are actively working to prevent these emails arriving in staff inboxes through Sympa's configuration.

Office 365 has been successful in stripping the harmful content from the attachment but please read the following advice regarding malicious emails;

  • Do not click on any links in the scam email.
  • Do not reply to the email or contact the senders in any way.
  • If you have clicked on a link in the email, do not supply any information on the website that may open.
  • Do not open any attachments that arrive with the email.

We also recommend staff complete the Information Security training modules which they can find in their MyReview account.

More information about email threats can be found on the Information Security webpage.

If you have any queries or concerns about this, please contact the IT Service Desk.