Oops...you've been phished!

phishingDo not worry though, this time it's only the IT Security Team. 

This is part of a campaign being run by IT Services to raise awareness of the problem of phishing emails and you have been directed here after entering your username and password into the website of a company that is not part of the University. 

If this was a real attack, cyber-criminals would now have your username and password. 

Fortunately, the company hosting the phishing form is working with the University and we have already made sure your password will not be recorded or stored.  Rest assured that on this occasion all of your details are safe and you do not need to change your password or contact the IT Service Desk.

We welcome your feedback about these phishing campaigns and would appreciate if you could take a few minutes to complete the survey below by clicking the following link:

Simulated Phishing attack survey

What is a phishing message?

A phishing message is an unsolicited email which tries to get you to reveal information, most commonly your username and password, to criminals.

Why does it matter?

Your University of Birmingham username and password are extremely valuable commodities and will be sold on by criminals who have managed to pursuade you to reveal them.  They allow criminals to pretend to be you and, most frequently, send spam to other people (inside and outside the University), read your emails and access journals the University subscribes to without paying themselves, sometimes resulting in the entire University's access to particular journals being temporarily cut-off.  In the past, some members of the University have had to be issued with completely new e-mail addresses because their credentials were stolen and used by spammers.

Why are you doing this?

The University's Information Security and Management Group, the group responsible for Information Security, have instructed IT Services to send emails to staff that pretend to be a phishing message.  Our goal is not to penalise or embarrass those who fall for the scam but to raise your awareness of the danger posed by unsolicited emails that direct you to websites asking for your username and password.

If you have any questions about why we are conducting this campaign or would like to discuss it further, please contact the IT Security Manager, Chris Bayliss, on ext. 43991 or you can email the IT Security Team on itsecurity@contacts.bham.ac.uk.

How can I recognise a phishing message?

The IT Security Team maintain a blog about new or interesting malicious messages at https://blog.bham.ac.uk/itsecurity/.  We don't post about all new malicious emails, there just aren't enough hours in the day to keep up with them all, so it is important that you remain diligent - just because it is not listed as malicious, it doesn't mean it's safe.  Our post on spotting malicious emails gives much more detailed information on staying safe than is possible in this brief  message https://blog.bham.ac.uk/itsecurity/2016/12/22/malicious-emails-and-how-to-spot-them/.

How do I know I can trust this information?

The email you clicked on will have looked like this. It is pressuring you to click a link to a login page.  We have highlighted some tell-tale signs to help you know what to look for in future:


The login form you will have typed your username and password into looked like this.  Note that we changed the default visibility of login form, which a real phishing attack would not have done, to make it more obvious:



Emails have been sent on the following dates:

  • Tuesday 7th December2021 - Monday 13th December 2021

IT Services has only sent a simulated phishing email on or around these dates. If you have received an email which has directed you here but wasn’t sent on one of the agreed dates or didn't look like the example above then it is possible that this was a real phishing attack and you must change your password immediately and contact the IT Service Desk for further advice.

You may ask yourself if you can trust the information here.  If you look in your address bar, you will see that this page is on the intranet.bham.ac.uk site.  This should tell you that the page is trustworthy because it is within the bham.ac.uk domain.



Professional Services