BU is one of many organisations targeted with spam and phishing emails, which are designed to look as though they come from banks, credit card companies, online shops and auctions, as well as other trusted organisations.
We have received reports of new phishing scams, including one where users receive an email which appears to be from Microsoft Office 365, asking them to sign in to retrieve pending emails. The scams can also look to be from a compromised BU email address, directing users to open an online PDF document which then asks you to log into a fake Microsoft login page.
These emails are designed to encourage you to open the attachments or click on links which then deliver threats (Malware). These threats are constantly being developed to beat our own security measures.
As well as the damage they do to organisations, the threats also cause considerable harm to individuals, as they attempt to steal personal identifiable information. It is always worth looking at the URL or address line of the web page or the email sender’s name to check it is from the usual address.
IT Services have implemented controls to limit this phishing campaign, but please be vigilant before clicking on a link that is asking for your login details. If you receive a message asking you to act immediately or requesting personal information, then please don’t follow it. Please contact the IT service desk for assistance and to validate if the message is true and legitimate.
To help you spot any emails or websites of concern, here are a few examples to look out for:
- If someone is asking you to log in to a Microsoft or BU IT website to release an email
- Your account is expiring/disabling and requires you to login to stop from happening
- A shared document that requires your immediate action
- A link to unsubscribe to Microsoft newsletters, but the link is taking you to fake login page.
If you receive any emails which you think are suspicious or have clicked on a link from a phishing email, please contact the IT service desk for advice. By reporting any incident of phishing, you can help to prevent further cyber-attacks on other BU users. Sometimes, it may only need one compromised BU account to further attack other BU users or launch a sophisticated and hard-to-detect phishing campaign.
There is further guidance on how to stay safe online on the BU website.