A reminder to remain vigilant for ‘phishing’ emails and messages.
We recently received a report of a scam email sent to staff members. It purports to be from a member of university staff, but was sent from a non-University email address, as indicated by the ‘external email’ banner (see below).
Other red flags to look out for are a generic greeting and a sense of urgency – “Let me know ASAP”.
How the scam works - Are you free at the moment? Let me know ASAP.
This scam presents as a short email from someone in your organisation, usually a senior colleague, saying that they need you to respond ASAP.
If you respond, they usually ask you to purchase gift cards or wire money somewhere.
The scammer has only spoofed the address the email appears to come from (often just by changing the display name); no account has been compromised. Scammers may, for example, target an entire lab or one person's direct reports, using contact information that is publicly available.
Variants of this scam have hit many universities.
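The red flags described above (a colleague's display name on a non-University address, a generic greeting, urgency wording) can be checked mechanically. The following is an added example, not part of the original notice or any Queen's tooling; treating qub.ac.uk as the only internal domain, the staff names, the phrase lists and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Assumptions (not from the notice): qub.ac.uk as the only internal domain,
# a constructed staff directory, and a small illustrative phrase list.
INTERNAL_DOMAIN = "qub.ac.uk"
STAFF_NAMES = {"jane example", "sam sample"}
GENERIC_GREETINGS = {"hi", "hello", "hi there", "hello there"}
URGENCY_PHRASES = ("asap", "are you free", "urgent")


def red_flags(raw_message: str) -> list[str]:
    """Return the red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    display_name, address = parseaddr(str(msg.get("From", "")))
    domain = address.rpartition("@")[2].lower()
    external = not (domain == INTERNAL_DOMAIN
                    or domain.endswith("." + INTERNAL_DOMAIN))

    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content().strip() if part is not None else ""
    first_line = body.splitlines()[0] if body else ""

    flags = []
    if external:
        flags.append("external-sender")
        # Display-name spoofing: a colleague's name on an outside address.
        if " ".join(display_name.lower().split()) in STAFF_NAMES:
            flags.append("staff-name-on-external-address")
    if first_line.strip(" ,.!").lower() in GENERIC_GREETINGS:
        flags.append("generic-greeting")
    if any(p in body.lower() for p in URGENCY_PHRASES):
        flags.append("urgency-wording")
    return flags


# Constructed sample messages; names and addresses are made up.
SPOOFED = ("From: Jane Example <jane.office@example.com>\n"
           "To: sam.sample@qub.ac.uk\nSubject: Quick request\n\n"
           "Hi,\nAre you free at the moment? Let me know ASAP.\n")
GENUINE = ("From: Jane Example <jane.example@qub.ac.uk>\n"
           "To: sam.sample@qub.ac.uk\nSubject: Minutes\n\n"
           "Hi Sam,\nMinutes from Tuesday are attached.\n")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, red_flags(raw))
```

A hit on the staff-name check is a prompt for review, not proof of a scam, since a colleague may legitimately write from a personal address.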
Red Flags
These emails usually have some common traits which should raise red flags. The example below is based on a real email seen recently in the Queen’s environment. The red flags highlighted in this email can help identify these scams in future.
The conversation goes something like the example below:
If you reply, you might receive something like the following (we have seen variants requesting Apple Vouchers, Steam Gift Cards, Amazon Cards etc.):
And then...
Advice
- If you receive a suspicious email, report it to abuse@qub.ac.uk.
- If you have any concerns at all about the safety of your account, please contact the IT Service Desk immediately: itservicedesk@qub.ac.uk
- Report fraud to the Action Fraud police site - https://www.actionfraud.police.uk/
ACE-CSE
Queen’s holds an Academic Centre of Excellence in Cyber Security Education (ACE-CSE) Gold Award from the National Cyber Security Centre (NCSC) and the Department for Science, Innovation & Technology (DSIT).