Common Phishing Threats

phishing white_s

Below are details of some common phishing threats that are currently circulating. Please don’t assume that a suspicious email is not a phishing attempt if it isn’t listed on this page, you should always be alert to anything which might compromise your log in details, financial information or other personal data. For more advice about staying safe online visit go.shu.ac.uk/itsecurity, or read our blog post.
Sheffield Hallam University runs virus protection and scam detection software and regularly deploys update patches to maintain security when vulnerabilities are discovered. The size of the University and the number of emails we receive mean there are still risks though – and you can also be exposed to cyber-threats at home. It’s therefore important to be constantly mindful of the dangers and what to look out for.

This guide offers advice on avoiding phishing scams. Read our IT Help pages to see what to if you receive a suspicious phishing or spam email.
You can also read the Sheffield Hallam University Staying Safe Online leaflet.

Recent threats include:

  • Several internal reports of emails purporting to be from named SHU staff asking for invoice payments. These are bogus emails (despite potentially appearing to come from someone you know) – please do not click on any links and follow the advice above on dealing with phishing scams..

 

  • We have had reports of  sophisticated scams at other universities aiming to obtain users’ login details for the HR portal. These details are subsequently used to change bank account details so wages and expenses are paid to the fraudsters. There is no evidence that Sheffield Hallam University has been targeted but we are asking members of staff to be on their guard.  Find out more here.

 

  • A phishing attack is targeting gmail users. A PDF attachment takes victims to a fake gmail sign-in page.  Once the user has signed in the scam is then sent to other gmail users with information from the sent items folder. This means the phishing attacks can look very convincing with realistic subject lines and appearing to come from known contacts.  Once the hackers have access to your account they may be able to use your personal details and password on other services you use. You can avoid being targeted by enabling two-factor authentication.  To check whether the log in page is genuine, look out for the prefix ‘data:text/html’ in the browser location bar, which indicates that you are being directed to an illegitimate web page. The real log in page should start https://accounts.google.com/ServiceLogin

 

  • South Yorkshire Police have warned us about a scam which is circulating. Fraudsters are phoning educational establishments claiming to be from the Department of Education asking for contact details of key people claiming they need to guidance forms to them.  These so far have varied from exam guidance to mental health assessments.   The scammers on the phone will claim that they need to send these documents directly to a particular contact and not to a generic school inbox, using the argument that they contain sensitive information.  The emails will include an attachment – a .zip file (potentially masked as an Excel or Word document). This attachment will contain ransomware that, once downloaded, will encrypt files and demand money to recover the files. Similar scam attempts have been made recently by fraudsters claiming to be from the Department for Work and Pensions and telecoms providers .
  • A scam is currently operating which pretends to offer students an educational grant in an attempt to capture bank details – see this bbc news item for details
  • several different versions of emails purporting to be about users Outlook Accounts which take people through to a fake Outlook interface to collect passwords and usernames.
  • An email which purports to be an invoice from Amazon EU Sarl, a legitimate branch of Amazon, requesting payment. The email includes the Amazon logo, terms and conditions and also includes an attachment. Amazon do not attach items to Order Confirmations. For more information about spotting fraudulent Amazon emails, please see the Amazon help pages.
  • the emails below – and other similar ones.  (NB: the PDF links below have been disabled but are live in the emails which are circulating).

 

Phishing email 3 August


Section one – Introduction

 

 

 

 

 

 

 

 

 

 

 

 

Hello And Greetings,
Apologies for the late payment,kindly see the below PDF link for payment confirmation slip.

For secure access and data protection kindly authenticate by verifying via the pdf link to gain secure access to the payment receipt.

Payment Receipt Link:   http://tinyurl.com/zk27ymn

Let me know when you have it and please confirm the details.

Accounts Payable
Viola Cruz

 

From: Amazon Customer Service [mailto:reply@amzncustomerservice.faith]
Sent: 11 October 2016 15:47
To:
Subject: Your Amazon.co.uk order of “Am-Tech Heat Shrink Wire ..” and 18 more item(s)

 

Dear Client,

Your invoice is attached. Please transfer payment as promptly as practicable.

Thank you for cooperation – we highy appreciate it.

Need to make changes to your order? Visit our Help page for more information and video guides.

We hope to see you again soon.

Sincerely yours,
Preston Franzen

Unless otherwise noted, items sold by Amazon EU Sarl are subject to Value Added Tax based on country of delivery in accordance with the EU laws on distance selling. If your order contains one or more items from a seller other than Amazon EU Sarl, it may also be subject to VAT, depending upon the seller’s business policies and the location of their operations. Learn more about VAT and seller information.

This e-mail is only an acknowledgement of receipt of your order. Your contract to purchase these items is not complete until we send you an e-mail notifying you that the items have been dispatched.

Please note: This e-mail was sent from a notification-only address that can’t accept incoming e-mail. Please do not reply to this message.