A significant number of our students received a phishing email purporting to be from our Finance Department, but originating from student email addresses at another university. The email said they had been awarded a grant and they needed to click on a link to go to a form to complete their details.
The link took them to a fake university-branded webpage, hosted on a compromised server in the US. The web page asked them for a large amount of personal data, including date of birth, mother’s maiden name, bank card details etc. Further, on submit it took them to a subsequent page branded to the bank that they had entered, asking for further information such as telephone passcode, last transactions, etc. In other words, everything necessary to steal identity and get past bank online and telephone security checks. A sophisticated attack.
This was clearly targeted at our students, as the site was branded and no obvious reference to other universities on the compromised web server, but it is possible that others will see similar attacks in the next few days.
The original email header looked like:
Example fake (phishing) email
From: University of Xxxx <xxxxx@students.xxxx.ac.uk>
Date: 22 September 2017 at 13:38:24 BST
To: xxxxxxx@xxxx.ac.uk
Subject: You have been awarded a student grant
If you receive an email similar to the above, then please do not reply, click on any links or give any personal information.
If you are unsure, please feel free to contact the International Experience Team on internationalexperience@shu.ac.uk or call us on 0114 225 3813 for further advice.