Oops...you've been phished!

A phishing message is an unsolicited email which tries to get you to reveal information, most commonly your username and password, to criminals.

Your University of Birmingham username and password are extremely valuable commodities and will be sold on by criminals who have managed to pursuade you to reveal them.  They allow criminals to pretend to be you and, most frequently, send spam to other people (inside and outside the University), read your emails and access journals the University subscribes to without paying themselves, sometimes resulting in the entire University's access to particular journals being temporarily cut-off.  In the past, some members of the University have had to be issued with completely new e-mail addresses because their credentials were stolen and used by spammers.

The University's Information Security and Management Group, the group responsible for Information Security, have instructed IT Services to send emails to staff that pretend to be a phishing message.  Our goal is not to penalise or embarrass those who fall for the scam but to raise your awareness of the danger posed by unsolicited emails that direct you to websites asking for your username and password.

If you have any questions about why we are conducting this campaign or would like to discuss it further, please contact the IT Security Manager, Chris Bayliss, on ext. 43991 or you can email the IT Security Team on itsecurity@contacts.bham.ac.uk.

The IT Security Team maintain a blog about new or interesting malicious messages at https://blog.bham.ac.uk/itsecurity/.  We don't post about all new malicious emails, there just aren't enough hours in the day to keep up with them all, so it is important that you remain diligent - just because it is not listed as malicious, it doesn't mean it's safe.  Our post on spotting malicious emails gives much more detailed information on staying safe than is possible in this brief  message https://blog.bham.ac.uk/itsecurity/2016/12/22/malicious-emails-and-how-to-spot-them/.

The email you clicked on will have looked like this. It is pressuring you to click a link to a login page.  We have highlighted some tell-tale signs to help you know what to look for in future:

 

The login form you will have typed your username and password into looked like this.  Note that we changed the default visibility of login form, which a real phishing attack would not have done, to make it more obvious:

 

 

Emails have been sent on the following dates:

• Tuesday 7th December2021 - Monday 13th December 2021

IT Services has only sent a simulated phishing email on or around these dates. If you have received an email which has directed you here but wasn’t sent on one of the agreed dates or didn't look like the example above then it is possible that this was a real phishing attack and you must change your password immediately and contact the IT Service Desk for further advice.

You may ask yourself if you can trust the information here.  If you look in your address bar, you will see that this page is on the intranet.bham.ac.uk site.  This should tell you that the page is trustworthy because it is within the bham.ac.uk domain.