The University has received notification of fraudsters running sophisticated scams at other universities to obtain users’ login details for the HR portal. These details are subsequently used to change bank account details so wages and expenses are paid to the fraudsters.

On receipt of this notification SHU is taking the following action:

• Contacting all staff who have changed banking details since the last pay day on January 15th verifying the change is legitimate
• Adding filters to the SHU mail systems to block known e-mail subject titles. A search of the logs show no previous use of these subject titles in previous emails
• Communicating with staff via the staff intranet, eView and the IT Security Blog

There’s no indication that SHU has been targeted yet and staff are being informed of the current risk via a number of channels.

As always please be aware of unsolicited emails enticing you to click a link or open an attachment. This particular phishing attempt used both branded emails and a branded web login page indistinguishable from the actual HR employee portal

If you’ve:

• had any suspicious/unsolicited emails
• clicked on a link in an unsolicited email taking you to the Core Portal
• entered username/password into the Core Portal that has subsequently failed to load

Please contact the helpdesk on 3333 or via ITHelp@shu.ac.uk

For more information see this article on protecting yourself from phishing fraud and this advice on the staff intranet about dealing with suspicious emails.