Important IT alert: Phishing emails going around universities
Phishing is a type of cybercrime in which attackers pose as trusted individuals or organisations to trick people into revealing sensitive information, often via email.
We are aware of a targeted phishing campaign currently affecting education organisations. Some emails may appear to come from genuine contacts at other universities or colleges whose accounts have been compromised, meaning the messages can look very convincing and may bypass standard spam filtering.
Please be cautious of unexpected emails, particularly those that claim a document has been shared with you, ask you to sign in to Microsoft 365, or refer to general notices or appointments you were not expecting. Sign‑in prompts appearing after clicking email links should be treated with particular care.
If you are unsure about an email, do not click any links or open attachments, and do not enter your username or password. Use the 'Report Email' button to report it.
If you think you may have clicked a suspicious link or entered your details, contact the IT Service Desk immediately. Prompt reporting helps us protect your account and reduce any wider impact on the University.
What to look for
- Unexpected emails claiming a document has been shared with you, particularly Word documents or similar files
- Messages asking you to open a document and then sign in to Microsoft 365
- Emails referring to general notices, appointments or administrative updates you were not expecting
- Sign-in prompts that appear after clicking a link in an email, especially if you are already signed in elsewhere
What to do
- Do not click any links or open attachments
- Do not enter your username or password
- Use the Report email button to report the message
- If you think you may have clicked a link or entered your details, contact the IT Service Desk immediately
Useful links to protect yourself against phishing emails