23 Feb 2017
Phishing attempts at universities
There have been a number of fraud attempts at universities over the last two months, which have involved the use of phishing emails to access the payroll self-service section of university internal websites in order to divert staff wages.
The fraud occurs when a member of staff clicks on a link within a convincing university-branded phishing email and is then diverted to a convincing but fraudulent version of the login screen for the university’s intranet/HR portal. The staff member then unwittingly logs-in and in doing so provides their genuine login details to the fraudster, before the webpage generates an error message.
The fraudster then uses the acquired staff login to change the bank account details to a fraudulent account which, if not spotted by system checks, will divert the staff member’s pay to the fraudulent account.
Please take care if you receive such an email and do not click on any links unless you are absolutely sure of the email source.
If you do click on the link and enter your details, please contact IT Services who will be able to advise you on what you should do and can help you reset your University password.