Phishing warning

The University is currently being targeted by emails which contain malicious code.

The latest ‘attack’ appears to have tricked a number of colleagues; at least one person has had their personal bank accounts compromised. Please read the rest of this article to ensure you are aware and prepared.

What do we mean by ‘Malicious email’?

In this context malicious email is one which has been sent with criminal intentions – for example:

  • Phishing emails - An email designed to trick you into revealing your password or other details, possibly by asking you to follow a link in the email. The link in these emails actually takes you to a malicious website which may look very realistic, but in fact is controlled by criminals.
  • Malware attachment – An email designed to trick you into opening an innocent looking attachment which actually contains malware. Malware is an umbrella term used to describe hostile software. Examples of malware are:
  • Ransomware – Malicious encryption of your files with a ransom demand for a password to restore them
  • Keylogger – Hidden software that monitors your key strokes to get your username and passwords to websites such as your online banking credentials)

What is IT doing to protect me?

The University has sophisticated filters that attempt to protect you from ever receiving malicious emails and spam emails (unwanted adverts). All computers supported by IT have antivirus software installed which acts as a second line of defence. Unfortunately, the perpetrators of malicious email are aware of these defences and are constantly innovating, and the latest attack is sophisticated in that no two emails are the same. If you do receive a spam email you can forward it to  This will allow it to be added to our spam filters which will automatically block such emails in future.

What can I do to protect myself?

Please be extra vigilant when opening emails. Remember:

  • Be very wary of email attachments - if you're not sure who an attachment is from or whether it is genuine, do not open it.
  • Never allow macros (eg in Word or Excel) to run unless you are sure they are genuine and safe.
  • The University (or any other reputable company) won't ask you to reply to an email with your username, password or other information like bank account details in an email. NEVER reply to these emails.
  • If you are asked to click on a link, type the link into your browser rather than clicking on it directly. Sometimes links in emails look genuine but would actually send you to a different site.
  • Don't fill in any attached forms that ask for your username and password or other personal details. We will never ask for your details in this way.

If you think you have responded to a spam email or opened an attachment with malware in please contact the IT Help Desk (tel 0113 343 3333) immediately. For more information see the Information Security website.

Posted in: