We have a huge number of reports of a phishing campaign which many people have recognised as such. Some, however, appear to have been taken in by this. Initial versions came from outside the University which were easy to spot as bogus.
However, once some people had given their passwords away their accounts were then used to send the messages. As these came from University staff members some recipients trusted them. I would like to remind everyone that IT Services does not pick random staff from random departments to send out messages on our behalf.
Here is an example which has been anonymised.
Clicking on the link will load the following page.
This is a copy of our staff portal page. However, the address in the address bar at the top indicates that it is not our portal page. IT services does not send unsolicited emails linking to pages where you have to login, so even without the incorrect address it should be clear at this point that something is wrong.
