Email scam and virus advice

Although we take all of the anti-virus precautions that any other major organisation should do, there are some vulnerabilities that technology alone cannot fully avoid. It is important that you are aware of how to minimise the risks to you, your contacts, and the University.

Details of scam emails sent to students or staff

  1. OneDrive spoof email

    The email comes from a spoofed email address, that has a similar look and feel of a typical OneDrive sharing email.
    Before clicking any link from a OneDrive email, review the information in the email first including the sender address and any attached message.
    If you are suspicious that you have received a spoofed sharing link email, you can hover your mouse pointer over the link and review the URL.
    An authentic sharing URL will contain Illustrative image   where you will be taken to to the genuine Office 365 login page.
    Whereas a spoofed email will contain an unfamiliar URL such as eventsbyfd*com, in which the malicious link sends you to a fake Office 365 portal sign-in page and asks for logon credentials. Then goes on (once entered) to ask you for more personal data eg mother’s maiden name etc.

    As many staff and students use OneDrive sharing, please make sure the link is genuine before clicking.

  2. Payroll self-service spoof email
    Example phishing email sent to some Universities (details changed) to access the payroll self-service section of university internal websites, in order to divert monthly staff pay.

    From: XX Payroll, Date: 18 January 2017 at 00.54
    Subject: Your Salary Raise Documents

    The Payroll Verification Report was reviewed and it was noted that you are due for a 12% salary raise on your next paycheque effective February 2017.
    All bonuses and deductions are advised therein The salary raise letter is enclosed below:
    Access the documents here <link>

    Human Resources & Payroll Benefits

  3. HMRC tax refund spoof email
    Example phishing email sent to some external recipients from an email address posing as a University address, in an attempt to harvest bank details.

    From: HMRC Gov UK <>
    Date: 17 November 2017 at 13.21
    Subject: DO NOT REPLY TO THIS E-MAIL | Payment return receipt - TA/GR/398461/GB67075/17

    Dear <email address>,

    This is an automated response and we will not be able to respond to any replies.

    Confirmation number - 311BF1E10695-40078-DYAY.

    HMRC sent you a confirmation for a refund of GBP226.53 on 17 November 2017.

    We tried to send it to you automatically but we don't have a credit/debit card stored on your account.
    -{Ready to claim it now?}-
    -have your credit/debit card ready
    -follow the instructions on your screen
    -login to your Gateway Gov account

    You can claim your refund here - <link removed>

    Remeber: If you enter invalid or incorrect information, this will cause a delay in processing your refund.

    Transaction information:
     - Receipt Date: 17, Nov 2017 -     
     - Refund amount : GBP 226.53 -         
     - Receiver Email: <email removed>         
     - Payment Method: Online Credit/Debit Card to your account - 

     HM Revenue & Customs computer systems will be monitored and communications carried on them recorded, to secure the effective operation of the system and for lawful purposes.

    The Commissioners for HM Revenue and Customs are not liable for any personal views of the sender.

Protection guidelines

To help protect yourself from potential security threats, please read the following guidelines:

  • Sometimes a scam email will be sent directly to your University email address. However, it can be sent to a generic account e.g. and still end up in your inbox or junk folder
  • A scam email may include a virus in the form of an attachment
  • Do not open suspicious emails, they could infect your computer (whether a University or home computer)
  • Email display names can be spoofed: be wary of all requests for personal information
  • Never log in to a website that you have accessed from an email link
  • Never send your passwords or sensitive data via an email
  • Never divulge any password. To assist with this security measure, the SIZ or IT Services will never ask for user passwords
  • Web pages that require authentication should always be accessed via the University home page:
  • If you are in any doubt as to whether a website is genuine, please contact the SIZ for advice
  • If you are suspicious about an email you have received please contact the SIZ for advice before you open it

Anti-virus can only go so far, and you should be very suspicions of:

  • Pop-up advertisements on your computer
  • Web browser tool-bars
  • Downloading the latest block-buster movie to your device, Not only is this illegal in any case, if it is free, the price is very likely to be an infection that you have ‘welcomed’ onto your computer
  • File sharing through Google-doc, personal One Drive and Dropbox etc

Malware: viruses, trojans, spoofing and identity theft

Malware is a term used to describe various software that is used to damage or infiltrate computers. Malware is used by online criminals to conduct scams, obtain confidential information, extort money, and for general disruption.

Some criminals snoop on you to catch enough information to impersonate you to steal from your bank, to get a fake passport, or to capture your passwords (for Moodle, HR, Student records etc) in order to capture other people’s personal information.

For example, the malware attack we experienced in July 2015 comprised a virus hidden in a zip file attachment to an email sent from an airport hotel in Korea which, if opened, encrypted your personal files. This scam also tried to ‘sell’ a decryption, a solution the perpetrators had no intention of providing and in which they were trying to get you to enter your credit card details so they could steal from you.

What we do to avoid viruses

Viruses occur all over the world, with new variants being tried, some of which auto mutate in order to continuously try to gain entry again and again. Anti-virus software is also in constant evolution. The University uses the leading anti-virus, and every release of software from the anti-virus companies is automatically downloaded to the University and installed immediately. However, the solution to a virus cannot be designed and delivered until someone has been infected. After someone has reported an infection, a solution is usually provided in a few hours. In the meantime we are vulnerable to that particular strain of virus.

Wherever they come from, the University’s IT services typically repel in excess of 10,000 (and sometimes over 100,000) malware infection attempts per day.

What you should do to minimise risks

All University machines have the latest virus protection software, and we most strongly recommended that you buy anti-virus software such as Norton, Kaspersky or McAfee for your own devices. Some basic anti-virus solutions are available for free, for example AVG.

If you suspect that you may have a computer virus or that you have inadvertently triggered Malware on your device, please contact the SIZ helpdesk immediately by phone on 01243 816222.  Please also disconnect the device from the University’s network by unplugging the network cable and / or switching off the WiFi on the device.

If you suspect that you may have a computer virus

If you suspect that you may have a computer virus, or that you have inadvertently triggered Malware on your device please contact the SIZ helpdesk immediately by phone on 01243 816222. Please also disconnect the device from the University’s network by unplugging the network cable, and ideally by switching off the WiFi on the device.

If you see something suspicious, please call SIZ (01243 816222) for advice.

If we believe your account has been compromised, the IT security team will immediately reset your password and then notify you by telephone as soon as possible

The security of our systems and data is of the upmost importance. Your attention is drawn to the Code of Conduct within the University's Electronic Informatiion Security Policy. 

Still need help?