Fraudsters targeting University staff in pay rise scam

Padlock

[28 February 2017]

We’re urging University staff to be vigilant following reports from staff receiving bogus pay rise emails.

Universities across the UK, including Bristol, are being targeted by fraudster looking to redirect salary payments. Phishing emails claiming to be from Professional Services departments, such as HR or IT, are being used to lure staff into giving away their credentials.

When staff click on links contained in these emails, they are taken to a fake website where they are asked to enter personal information, including University log in and financial details. Police forces and governmental agencies have also been targeted by similar emails.

If you have not done so already, you can better protect yourself against these scams by taking the Information Security training available in MyReview.

Passwords

We encourage all staff who fear that they may have shared their University password to change it immediately, and to stress that you should not use your University password for other services outside the University. 

The webpage for changing passwords can be found at: https://www.bristol.ac.uk/password

Additionally, you should avoid clicking on links or opening attachments in unsolicited emails or text messages. Fraudsters can falsify a trusted email address. If unsure, check the email header to identify the true source of the email (see the guidance below under 'Checking that an email is from a legitimate University of Bristol email address').

How will I know if it is an official University message?

The University will never ask you to disclose your password. On rare occasions IT Services may need to contact you about your account or request that you change your password, we will direct you to the University's secure "Changing passwords" web page (see above). Please familiarise yourself with the look and feel of this web page. If concerned go to the University website and search for the page rather than clicking the link.

Please be aware that messages with the announcement at the top stating that "This message was not sent to Spam based upon your organisation's request" may still be a phishing attempt.

Checking the web address of links in emails

We have also seen copies of University webpages and would therefore advise that you hover the mouse over the link given in an email and check the actual link shown matches what is in the email and is a bristol.ac.uk / bris.ac.uk address as it is easy to show one link but have that link take you elsewhere.

Checking that an email is from a legitimate University of Bristol email address

In the Gmail web interface, at the top of the open email message, next to the details of who the message was sent from and who it was sent to, is a downward pointing arrow. By clicking that arrow you can reveal details of the signed-by header.

For legitimate University emails these will be:

Signed by: bristol.ac.uk

If the above is missing, or different, you should verify the identity of the sender by some means other than replying to the email.

Even if the header is present and correct, it is not unknown for University email accounts to be compromised, so still be wary of unexpected requests for financial details, confidential data, etc..

For more information (including how to check the headers with other email clients) visit: https://support.google.com/mail/answer/180707?hl=en

What should I do if I suspect an email is a phishing attempt?

If you receive email communication which you suspect may be a phishing scam do not respond, click any links in the email or open any attachments. You do not need to report it to the IT Service Desk.

However, if you have responded and provided your username and password, followed a link in the email or opened an attachment then please contact the IT Service Desk for advice.

If you are confident the email is false you can mark it as spam in Gmail. View the email in Gmail and you will see a button at the top with an exclamation mark in it. If you hover over it it says 'Report spam'. Click that button and the email will be marked as spam. As Google 'learns' this it will apply the rule across the University, helping to prevent similar messages getting through.