An HMRC related phishing campaign attempting to steal BU login credentials and credit card data has been reported. Please take a look at the image below, which shows what the email looks like.
Once attackers get hold of the login credentials, they can be used to steal personal information, BU data and launch further attacks on our students and staff.
The email contains a PDF attachment which - if opened - downloads malicious files that can determine what vulnerable applications are installed on your device and check what devices are attached to your computer. Its main objective is to remain in your computer.
What to do if you receive this email:
The email subject line contains a context of HMRC refund and requires your immediate action such as "Payment Acknowledgement 9001248", "There is still time today" or "Oct. 10th 2018 deadline".
Attachment file looks like “IssuedOct082018_ID890012078.pdf” or “User-Refund-89326.pdf”
- Do not click on any weblinks on the email or open its attachment
- On your Microsoft Outlook application, mark the email as junk
- Delete it from your inbox folder and deleted items
- If the email subject line is not one of the above samples, then send this suspected email as an attachment to email@example.com.
If you have clicked on the link or have opened the attachment then please call the IT Service Desk on 01202 965515 to report this incident. It doesn’t take long to report the incident, but your quick response could our students and colleagues from similar cyber-attack.
Unsure about an email or have clicked on a malicious link?
If you are ever unsure about the legitimacy of any emails you receive or if you think you have clicked on a malicious weblink or opened a malicious document, call the IT Service Desk immediately on 01202 965515.
If you've opened a link, please don't supply any login credentials/input any information and close the Internet browser. If you've opened a malicious file attached on the email, close the document.