Category: Security

Phishing Scam: ‘FW: Urgent Attention Required.’

Some users are receiving emails with the Subject: FW: Urgent Attention Required.

These emails look like they are coming from a member of staff within the University – the content is “You have received a secured document “Outstanding Payment”. To view the document click here.”

Do NOT click on the link provided. If you have clicked on the link, please reset your password straight away.

If you have any queries, please contact Help4U.

Junk Mail from: scot-ccm-noreply@eurodyn.com

An unknown number of users have received spam mail:

From: <scot-ccm-noreply@eurodyn.com>

We are taking action to have these blocked from coming into the University, however locally you can:

Highlight the email (Right Click) -> Junk -> Block Sender

More information about Spam Mail and how to identify email scams can be found on our website.

Please contact the IT Service Desk if you have clicked on any links/attachments or if you need additional information or support.

Nuisance calls that appear to come from an internal number

The University has recently experienced a small number of nuisance calls. Whilst they appear to be from numbers within the University, they do not originate from our systems.

What is the easiest way to check if the call is legitimate?
Nuisance calls that appear to be from a University extension will display an 01382 dial code in front of the University number. Genuine internal calls will normally only display a five-digit short number on your office telephone.

Colleagues should feel comfortable ending any call which uses threatening or abusive language and should not feel that they are required to engage with any caller displaying such behaviour.

Phishing scam: ‘Expiration Notice’

An unknown number of users have received a phishing scam message:

From: Helen Murray <userservices.supervisor@gmail.com>

Subject: Expiration Notice

The message claims that ‘your access to “My Dundee” will soon expire’. It goes on to state “You can reactivate it by logging in through the following URL” which is hyperlinked into the email.

Do NOT click on the link provided. The link is NOT to a Dundee site, but to leads to a .Dundee.ac.neze address, which is not legitimate.

Users should always change or reset passwords using proper University methods.

Best practice is to delete the email entirely. Please do not reply to the e-mail or click/copy-paste the link within it.

More information about Phishing and how to identify email scams can be found on our website.

Please contact the IT Service Desk if you have clicked on the link or pasted it into your browser’s address window, or if you need additional information or support.

Phishing scam: ‘Your 02 Bill’

An unknown number of users have received a phishing scam message:

From: My 02 Business <wielen155@mycenter.pl> 
Note that the sender address can be anything; the ‘O2’ spam messages about which we have been notified come from different accounts in different domains.

Subject: my02Business – Your 02 Bill is ready

The message states that ‘…you have a bill for xx/xx/xx. This month you have a payment for £xxx. We will take it away from your account at the payment day, or a bit after.’  It goes on to mention that you should click on a web address (to view your bill) included in the message. 

Do NOT click on the link provided.

Best practice is to delete the email entirely. Please do not reply to the e-mail or click/copy-paste the link within it.

More information about Phishing and how to identify email scams can be found on our website.

Please contact the IT Service Desk if you have clicked on the link or pasted it into your browser’s address window, or if you need additional information or support.

Phishing scam: ‘Library Notifications’

An unknown number of users have received a phishing scam message:

From: University of Dundee <library@dundee.ac.uk>
Subject: Library Notifications

The message states that ‘…the University Libraries will be implementing changes to the authentication mechanism used for granting access to subscribed article databases….’  It goes on to state that you should click on a web address included in the message or copy and paste the address into your web browser.

Do NOT perform either action.

Best practice is to delete the email entirely. Please do not reply to the e-mail or click/copy-paste the link within it.

More information about Phishing and how to identify email scams can be found on our website.

Please contact the IT Service Desk if you have clicked on the link or pasted it into your browser’s address window, or if you need additional information or support.

Phishing scam: Project Update projectDOCS.pdf

An unknown number of users have received a phishing scam message:

From: a known contact of a user
Subject: Project Update
With an attachment entitled: projectDOCS.pdf

This will most likely appear to have been sent by one of your email contacts. Opening the PDF requests your login details and it states that the .PDF is safe and can be accessed via your email address and password.

Best practice is to delete the email entirely. Please do not open or download the attachment if you have received this message to your inbox as you may be introducing a security threat to your device.

More information about Phishing and how to identify email scams can be found on our website.

Please contact the IT Service Desk if you have clicked on the attachment or need additional information or support.

Having trouble with VPN?

Update | 22 September 2016

The Cisco VPN service was successfully recovered yesterday afternoon and appears to be working as usual. We will continue to investigate a means of ensuring the service continues to remain stable and reliable until its eventual replacement as part of the Network Refresh project.

Many thanks for your patience.


Update | 21 September 2016

Yesterday the Cisco VPN service stopped working.

Troubleshooting has confirmed that the VPN appliance itself is operating fine, but the back-end Cisco authentication of users is the faulty component. We are presently working on trying to re-direct the RADIUS authentication requests to another server, but we are experiencing some interoperability issues with this. The 12-year old unsupported VPN service doesn’t seem to play well in a modern environment.

Please do understand we are working hard to resolve this and will provide an update here as soon as we have a solution in place.

If you are affected by this please contact us at: uod.ac.uk/help4u noting call ID # 194644


Original message |  20 September 2016

We are aware that people attempting to use the University’s VPN service to gain off-campus access to internal resources are having problems. The team are currently investigating the matter, although at present, a time-frame for resolution cannot be given. Updates will be added to this post as they arise, but for now, we’ve given a bit of context about this issue below.

VPN at a glance
Our existing VPN forms part of the old Cisco network and is 12 years old. We are working to replace it with a new, fit-for-purpose, modern tool.

Why refreshing our network is the true fix
The ageing nature of the current network and its related components make it difficult to identify the root cause of issues that arise with it. We are actively replacing the University’s network and in achieving the projects goals, a robust infrastructure that is feasibly supportable will be delivered. This includes a new, compatible VPN that will allow for more reliable remote access.

The network refresh changes will offer a

  • New wireless network providing a faster, more reliable, wider coverage and a consistent connection speed across campus.
  • New wired network providing a more reliable and consistent service across campus.
  • More modern, energy efficient, network infrastructure, leading to a reduction in the University’s emissions output and carbon footprint.
  • New and consistent security design across both wired and wireless networks.

More information on the Network Refresh can be found on the project blog

Update your iPhones and iPads

iOS image

From The Register

“Apple has pushed out an emergency security update for iPhones, iPads and iPods after super sophisticated spyware was found exploiting three iOS vulnerabilities.

The iOS 9.3.5 upgrade plugs three holes that, according to researchers, are being used right now by the Pegasus surveillance kit – a powerful commercial malware package sold to governments for snooping on dissidents and journalists.

Pegasus exploits the bugs to inject itself into iThings. A victim simply has to click on a bad web link to start an infection. Once installed, Pegasus can read messages and emails, listen to calls, monitor social network posts, pull out Wi-Fi passwords, and so on. It essentially has comprehensive access to a poisoned handheld.”

Please see https://support.apple.com/en-us/HT207107 for more information about this update