13 May 2016

Spam email warning

The University is currently seeing an increased amount of malicious email. Several users have had their accounts compromised as a result. Please read on to ensure that you are aware and prepared.

Recent e-mails have contained subject headings such as ‘Important: Information Technology Security System' and ‘Your information update notification'.

A phishing email is designed to trick you into revealing your password or other details, possibly by asking you to follow a link in the email. The link in these emails actually takes you to a malicious website which may look very realistic, but in fact is controlled by criminals.

What is IT doing to protect me?

The University has sophisticated filters that attempt to protect you from ever receiving malicious emails and spam emails (unwanted adverts). All computers supported by IT have antivirus software installed which acts as a second line of defence. Unfortunately, the perpetrators of malicious email are aware of these defences and are constantly innovating, and the latest attack is sophisticated in that no two emails are the same. If you do receive a spam email you can forward it to is-spam@leeds.ac.uk. This will allow it to be added to our spam filters which will automatically block such emails in future.

What can I do to protect myself?

Please be extra vigilant when opening emails. Remember:

  • Be very wary of email attachments - if you're not sure who an attachment is from or whether it is genuine, do not open it and contact the IT Service Desk for advice.
  • Never allow macros (e.g. in Word or Excel) to run unless you are sure they are genuine and safe.
  • The University (or any other reputable company) won't ask you to reply to an email with your username, password or other information like bank account details in an email. NEVER reply to these emails.
  • If you are asked to click on a link, type the link into your browser rather than clicking on it directly. Sometimes links in emails look genuine but would actually send you to a different site.
  • Don't fill in any attached forms that ask for your username and password or other personal details. We will never ask for your details in this way.

If you think you have responded to a spam email or opened an attachment with malware in please contact the IT Service Desk, 33333) immediately.

For more information see the Information Security website.

Posted in: