Increase in Phishing Attacks


We have had a lot of phishing attacks recently, many sent from University staff and student accounts whose owners gave away their username and password in response to an earlier attack.

A lot of people are responding to these. The messages all follow a very traditional pattern for phishing: they tell you that your account will expire, that you have messages waiting, or that your account needs to be validated. The formatting and wording vary. Some contain images and some are just text.

If you receive one, delete it.  If you are aware that you have responded to a message, change your password immediately.

All include a link to a website which asks for your login details, and many of these sites look like an Outlook Web Access login page.

The following is an example (names and email addresses have been changed):

From: Campus__Helpdesk <i.b.phished@bham.ac.uk>
Sent: 20 May 2020 14:56
To: Richard Trevithick (Engineering) <r.trevithick@bham.ac.uk>
Subject: Action Required For: r.trevithick@bham.ac.uk

You have (21) new Campus Schedule message
Follow link below to access this updates

Review Scheduled Message Here

HelpDesk-Services 2020
Security Message

There are plenty of indications in this message that should make you suspicious:

    • The From: field has an unusual name that might look a bit like the IT Service desk, but with a personal address.
    • The message in this case makes no sense.  What is a “Campus Schedule Message”?  Why would you need to follow a link to “access this updates”?
    • The link is to a site that has nothing to do with the University (http://updatevoiceexchange.com/inculdes/uvic/uvic.html)
    • The message is signed HelpDesk-Services 2020, which is odd
    • The University email system does not store batches of email which you need to retrieve in this way
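Two of these indicators, the service-style display name on a personal address and the link to a non-University site, can be checked mechanically. The following is an added example, not part of the original post: the sample message is constructed from the example above with an assumed HTML body, and the keyword list and the initials.surname address pattern are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

ORG_DOMAIN = "bham.ac.uk"  # taken from the addresses in the example message
SERVICE_WORDS = ("helpdesk", "service desk", "support")  # assumed keyword list
# Assumption: personal mailboxes look like initials.surname, as in the example.
PERSONAL_LOCAL = re.compile(r"^[a-z](\.[a-z])*\.[a-z'-]{2,}$")

# Constructed sample: headers and link from the example above; HTML body assumed.
SAMPLE = """\
From: Campus__Helpdesk <i.b.phished@bham.ac.uk>
To: "Richard Trevithick (Engineering)" <r.trevithick@bham.ac.uk>
Subject: Action Required For: r.trevithick@bham.ac.uk
Content-Type: text/html; charset="utf-8"

<p>You have (21) new Campus Schedule message</p>
<a href="http://updatevoiceexchange.com/inculdes/uvic/uvic.html">Review Scheduled Message Here</a>
"""

class LinkCollector(HTMLParser):
    """Collects href targets, since the visible link text hides the real URL."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def is_org_host(host):
    # Exact or dot-boundary suffix match, so "bham.ac.uk.login.example" fails.
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)

def phishing_indicators(raw):
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    claims_service = any(w in name.lower().replace("_", " ") for w in SERVICE_WORDS)
    if claims_service and PERSONAL_LOCAL.match(addr.partition("@")[0].lower()):
        findings.append("service-name-on-personal-address")
    links = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            links.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href in links.hrefs:
        host = (urlparse(href).hostname or "").lower()
        if host and not is_org_host(host):
            findings.append("external-link:" + host)
    return findings
```

A sender address inside the University domain does not clear a message, because these attacks are sent from compromised University accounts; the link target and the name mismatch are the stronger signals.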

More information on how to spot malicious emails is available here.

Author: Chris Bayliss

IT Security Manager.
