Warning – Ransomware attack

The University is currently being targeted by an email containing ransomware with the subject line ‘Up to date emergency exit map’.

Do not open the attachment or click on any links in the email.

The Word attachment contains malware, which will encrypt files on your computer and on the network. If you have opened this attachment, please contact the IT Service Desk immediately on 0113 343 3333. 

The University is regularly targeted by such emails, and although many are filtered out before reaching your inbox, please be vigilant. Visit the IT website for more general information about handling phishing.

Tips to avoid getting hooked by a phishing scam:

  • Be cautious about opening attachments you are not expecting. Even if they seem to come from someone you know, the address could be spoofed or the sender’s account compromised. If you receive an unexpected attachment from someone in the University, check with the sender before opening. 
  • If you open a Microsoft Office file (e.g. Word or Excel) and it warns you about the security of the file or the use of macros, do not proceed unless you are certain you know what the macros are and what they do. 
  • Don't reply to email or pop-up messages that ask for personal or financial information, and don't click on links in the message.
  • Don't cut and paste a link from the message into your web browser – phishers can make links look like they go to one place, but they actually send you to a different site.
  • If you are concerned about a personal account, such as your bank account, contact the organisation using a phone number you know to be genuine, or open a new internet browser window and type in the company's correct web address yourself.

To report a phishing/spam email, please forward it (as an attachment, using the keyboard shortcut Ctrl + Alt + F) to spam@leeds.ac.uk. You do not need to contact the IT Service Desk unless you need advice, have clicked on a link or opened an attachment in a phishing email, or have any concerns that your account may have been compromised.  

Posted in: