WARNING: Phishing targeting My.HR via email
3:48PM, 10 July 2017
A number of bogus/phishing* emails were delivered to some University staff on Friday late afternoon targeting the MyHR system.
On this occasion, the phishing email contained: many spelling mistakes, the use of the old University logo, a bogus Italian email address, and phrases that are rarely used in legitimate Loughborough University email communications. Despite these warning signs, many recipients clicked on the link and entered their username and password when faced with a fake My.HR website. Colleagues in HR are contacting those where banking details were changed by the scammers.
Please be vigilant when dealing with emails containing links or attachments, especially those purporting to be from the University or a helpdesk or saying to ‘click here’ to update your account, retain your access or similar.
If you have received a phishing email, clicked on the link and provided your university credentials (username and password), please contact the IT Service Desk (firstname.lastname@example.org or 01509 222 333) so they can check your university mailbox and take recovery action. If you are unsure if an email is real or not please don't hesitate to contact the IT Service Desk for advice.
More information and guidance can be found on the University’s IT Services website, under the ‘Email’, ‘General Guidance’, ‘Phishing’ link.
* Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.