We have had a lot of calls and emails from people concerned about a recent malicious email (fake DHL parcel notification – see https://blog.bham.ac.uk/itsecurity/2017/04/04/malware-in-fake-dhl-parcel-notification/). The messages were sent mainly to Majordomo mailing lists, so many people received multiple copies. It has become apparent that many list owners are not taking advantage of security features of … Continue reading “Majordomo Mailing Lists and Malicious Email – Advice for List Owners”
Malware in Fake DHL Parcel Notification
We have received numerous messages containing email claiming to be from DHL about a parcel. The messages ask you to download a “javascript report”. Javascript is a language for writing programs and not the type of file that would contain a report. This is in fact a javascript program that when run downloads other malicious … Continue reading “Malware in Fake DHL Parcel Notification”
Malicious email from Birmingham University account
The following are examples of phishing email sent from a Birmingham account that had been compromised. If you look carefully at the content it should be clear that the messages are not genuine. We think that the fact that it originated from within the University led some people to believe that it was real. … Continue reading “Malicious email from Birmingham University account”
Fake UKPC parking tickets
Amongst the other scams and phishing emails that are around, there is a fake email based parking ticket scam being sent to people nationally. The email contains a fake parking ticket. The email claims to be from UKPC and has a link that tries to trick you into downloading malware onto your PC. This has … Continue reading “Fake UKPC parking tickets”
Password Policy
People sometimes question why we have a policy that requires people to change their passwords every six months. The question is often asked following publication of articles suggesting that abandoning password expiry should be considered. This blog entry explains the current position which has recently been reviewed and accepted by ISSG, the University group responsible … Continue reading “Password Policy”
Genuine Password Change Notice
Please note that there is now an updated version of this notice. Please see the following article. IT security policy requires password changes every 180 days. In order to achieve this, passwords are set to expire approximately every 180 days. Warnings and reminders are sent in the period running up to password expiry times. This … Continue reading “Genuine Password Change Notice”
Bogus Booking Confirmation
We have received a few of these today. The booking confirmation links to malware which could infect your PC.
Pay Rise Too Good to be True
The following email generated a few queries. We are not sure if the message was associated with phishing or malware because the target web page was taken down before we had time to analyse it.
Malicious Emails and How to Spot Them
Millions of malicious emails are sent every day. Many of these are trying to steal your personal details. Most of you are aware that criminals send messages that pretend to come from your bank to steal bank and other personal details, but a fair proportion of these target less obvious information such as your University … Continue reading “Malicious Emails and How to Spot Them”
Fake Speeding Notifications
Quite a few fake speeding tickets have been sent to University members. There have been variations of this type of email, all claiming to be from Greater Manchester Police. The link in this example led to a page inviting you to open a document and asked for your username and password. Another very similar message … Continue reading “Fake Speeding Notifications”