“Phishing” is when threat actors use e-mails and other messaging platforms to send scam messages. These messages will often appear legitimate; however, they are actually malicious.
The most common tactic is embedding a link in the email as a hyperlink, which allows the actual link to be hidden behind text. For example, the link could be “www[.]passwordstealer[.]com” whereas what you see in the email is “Reset your Password”. Links like these will often take you to a fake website made to look official (e.g. a Microsoft Sign-in Page) in the hope that you will input your username and password/bank details for the threat actors to steal.
Across the university, the Cybersecurity Team have implemented strong protective measures to filter out malicious e-mails; however, we cannot capture every single one. This is where you come in – if you think an email looks suspicious, do not click anything within the email and report it to Digital Services.
Email Compromise
Email compromise scams involve threat actors impersonating family, colleagues, managers, and IT Support via email to initiate a fraudulent transaction, or to extract sensitive information. Although a high number of phishing emails will appear generic, with wording that could apply to multiple recipients, these attacks can be targeted, using language and branding that is unique to University of Staffordshire, or our partners, in an attempt to appear legitimate and trick the recipients.
There are some tips to help you protect yourself from accidentally actioning anything in a phishing email, or to help you spot a phishing email. However, please remember that these do not necessarily apply to all phishing e-mails and you should always be cautious:
- Be cautious of emails requesting financial transactions, or sensitive information.
- If you do receive an email with random files, links, or asking for payment, always check if you were expecting this email.
- Double check the sender address and the name associated with it for any discrepancies; sometimes the email address may differ by only 1 letter!
- Always verify the authenticity of an email request if you are unsure by contacting the sender through a known, trusted method (not the same email!).
- Report any suspicious emails using the “Report Message” feature in Outlook, and make sure you don’t click on any links, or open any files.
If you ever think that you have clicked on a malicious link, or opened a malicious file, contact us on Solve immediately.
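As an added illustration (not part of the original page or the university's own tooling), the two manual checks described above can be automated: revealing the real destination behind a link's visible text, and spotting a sender domain that is one letter away from a trusted one. The allowlist, the `example.ac.uk` domain and the sample message are constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed allowlist for illustration, not a real organisation's configuration.
TRUSTED_HOSTS = {"login.microsoftonline.com", "example.ac.uk"}

class LinkExtractor(HTMLParser):
    """Collect (visible text, real destination) for every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def is_trusted(host):  # True for a trusted domain or a subdomain of one
    host = (host or "").lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)

def suspicious_links(html_body):
    """Return (visible text, real host) for links that leave the trusted domains."""
    parser = LinkExtractor()
    parser.feed(html_body)
    hosts = [(text, urlsplit(href).hostname) for text, href in parser.links]
    return [(text, host) for text, host in hosts if not is_trusted(host)]

def one_edit_apart(a, b):
    """True if a and b differ by exactly one changed, added or removed character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    short, long_ = sorted((a, b), key=len)
    # Index of the first differing character (or the end of the shorter string).
    i = next((k for k, (x, y) in enumerate(zip(short, long_)) if x != y), len(short))
    return short[i + (len(a) == len(b)):] == long_[i + 1:]

def lookalike_sender(address):
    """Return the trusted domain that the sender's domain imitates, or None."""
    domain = address.rsplit("@", 1)[-1].lower()
    return next((t for t in TRUSTED_HOSTS if one_edit_apart(domain, t)), None)

# Constructed sample message body: the visible text hides the real destination.
SAMPLE_HTML = ('<a href="https://www.passwordstealer.example/reset">Reset your Password</a> '
               '<a href="https://login.microsoftonline.com/">Sign in</a>')
```

A link is judged by the host it really points to, so a trusted name used as a prefix of another domain is still flagged.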
Phishing Examples
As we have mentioned before, universities and other educational institutions are high-level targets for phishing e-mails and social engineering. Take this as an example: this was a highly sophisticated attack that was sent to some staff members across the university.

The above image shows not only the received phishing email but also the pages shown when you click through. As you can see, clicking on the hyperlink will take you to what looks to be a Microsoft login page – it’s fake! However, it is a dynamic login page, and, depending on the email domain inputted, the background images change. We tried this for BCU e-mail domains and UoS email domains as you can see above.
What makes it clear that this isn’t legitimate? Take a look at the website address. It isn’t the official Microsoft one – it is “optimalengineershub”. We also know that this is an automated attack as, just seconds after entering the username, the attacks began. We saw multiple login attempts from different locations (all failed!):
Unfortunately, our security systems cannot block all these emails so, during your time here, you may receive one. The best way to deal with this is by not clicking on anything in the email and, instead, reporting it using the Outlook reporting feature.
If you receive the email in a shared mailbox, unfortunately, there is no report function in Outlook. Please report any suspicious e-mails through Solve.
Outlook desktop:

Outlook browser:

Outlook mobile:
