Category: Security

University network penetration testing

From 3-11 September, an authorised scan will be conducted by JISC to identify any weaknesses on the University network.

Impact

All systems connected to the University network should be considered at risk during the scanning period. This will be the first in a series of regular scans to ensure our Network defences are up to the job of protecting our systems and data from various cyber-attacks.

Benefit

This work will safeguard the ongoing security of our network. It will also ensure the University’s compliance with certain parts of the Government’s Cyber Essentials Scheme 

Get help / report issues 

If you have any questions about this or experience any issues during the work window, please contact the Service Desk. 

Phishing email: Undelivered Mail

UoDIT is aware of more phishing emails being received by staff at the University.

Example Email below:


Dundee server detected your [username]@dundee.ac.uk email have (14) undelivered mails since the 16th of December 2017, which are awaiting your approval to be delivered.

Be aware that this should fix any mailbox malfunctions, kindly ask you to follow instructions as below.

* Move pending messagesnfrom Server to Inbox
* Review pending messagenwith Dundee Cloud server

Further messages might not be delivered if any of the above actions are not performed.


Please remain vigilant and please do not click any links in these emails and do not interact with the email if you have received it and delete from your inbox immediately.

Did you click?

  • If you have supplied your credentials or personal information, change your password immediately.
  • If the device you used when interacting with it is University-owned (i.e. a Student / Staff Desktop), please contact the IT Service Desk for advice.
  • If the device you used when interacting with it is your own (i.e. a personal device), we advise that you run an anti-malware software from a reputable source and perform a scan on your device yourself.

Educate yourself
The most common phishing attack method is by emails. These authentic-looking messages, usually called phishing scams, are designed to exploit information from the recipients; either by asking them to reply to an email message or by clicking on a link/attachment within the email.

These emails cannot corrupt your device on its own, you have to interact with it. Think:

  • When you receive an email to your University account, consider if you were expecting correspondence on that topic, from that recipient. If you weren’t, and the message is calling for you to act either by sending information, clicking on an active link, or downloading an attachment, first ask the IT Service Desk to confirm its legitimacy.
  • Never tick/check enable macros on attachments, unless you explicitly need to and trust the sender.
  • Don’t run a program if you don’t know where it has come from and you have not chosen to install it yourself
  • Do not provide your username and password, especially if you have any concern over the legitimacy of an email

Further advice can be found on the Information Security website section.

https://www.dundee.ac.uk/it/services/security/

Getting help
UoD IT staff are available 09:00-22:00 Mon-Fri and 10:00-22:00 Sat-Sun. Please log a call for assistance via Help4U if you have any concerns.

Phishing email named Your Office Email Storage Space Low

UoDIT is aware of more phishing emails being received by staff at the University.

Example Email below:


Subject: Your Office Email Storage Space Low

Microsoft Office Email 365
You are out of storage space.

Your email xxxxx@dundee.ac.uk is out of storage space and will soon be stopped from sending or receiving emails until you
enable or buy more storage space

We recommend you to enable or buy more storage space by checking enable more storage below
for you to enable sending and receiving emails and to avoid your email being compromised

Enable More Storage

This action will take a brief period before this request takes effect
This is a mandatory communication about the service. To set communication preferences for other cases.
This message was sent from the email address is not monitored. Do not reply to this message.
Privacy | Legal Notices

Microsoft Corporation
600 Pine Street, Suite 352,
Seattle,
WA 98101, USA.


 

Please remain vigilant and please do not click any links in these emails and do not interact with the email if you have received it and delete from your inbox immediately.

Did you click?

  • If you have supplied your credentials or personal information, change your password immediately.
  • If the device you used when interacting with it is University-owned (i.e. a Student / Staff Desktop), please contact the IT Service Desk for advice.
  • If the device you used when interacting with it is your own (i.e. a personal device), we advise that you run an anti-malware software from a reputable source and perform a scan on your device yourself.

Educate yourself
The most common phishing attack method is by emails. These authentic-looking messages, usually called phishing scams, are designed to exploit information from the recipients; either by asking them to reply to an email message or by clicking on a link/attachment within the email.

These emails cannot corrupt your device on its own, you have to interact with it. Think:

  • When you receive an email to your University account, consider if you were expecting correspondence on that topic, from that recipient. If you weren’t, and the message is calling for you to act either by sending information, clicking on an active link, or downloading an attachment, first ask the IT Service Desk to confirm its legitimacy.
  • Never tick/check enable macros on attachments, unless you explicitly need to and trust the sender.
  • Don’t run a program if you don’t know where it has come from and you have not chosen to install it yourself
  • Do not provide your username and password, especially if you have any concern over the legitimacy of an email

Further advice can be found on the Information Security website section.

https://www.dundee.ac.uk/it/services/security/

Getting help
UoD IT staff are available 09:00-22:00 Mon-Fri and 10:00-22:00 Sat-Sun. Please log a call for assistance via Help4U if you have any concerns.

Phishing email – Overdue Invoice – Urgent

UoDIT is aware of more phishing emails being received by staff at the University.

Example Email below:


Subject: Overdue Invoice – Urgent

Attached is your Avfuel Overdue Invoice. If you have any questions, do not reply to this email – instead, contact Avfuel at 800-521-7806.
Download your invoice online Download Invoice

Thank you for being an Avfuel customer!

Global Supplier of Aviation Fuel and Services

Attachments area

To make sure you keep getting these emails, please add invoice@avfuel.com to your address book or whitelist us.

Want to stop receiving mails to this list Unsubscribe or if you want to stop getting all communication from us Unsubscribe All.

Our postal address: HQ San Francisco, California, United States

 


 

Please remain vigilant and please do not click any links in these emails and do not interact with the email if you have received it and delete from your inbox immediately.

Did you click?

  • If you have supplied your credentials or personal information, change your password immediately.
  • If the device you used when interacting with it is University-owned (i.e. a Student / Staff Desktop), please contact the IT Service Desk for advice.
  • If the device you used when interacting with it is your own (i.e. a personal device), we advise that you run an anti-malware software from a reputable source and perform a scan on your device yourself.

Educate yourself
The most common phishing attack method is by emails. These authentic-looking messages, usually called phishing scams, are designed to exploit information from the recipients; either by asking them to reply to an email message or by clicking on a link/attachment within the email.

These emails cannot corrupt your device on its own, you have to interact with it. Think:

  • When you receive an email to your University account, consider if you were expecting correspondence on that topic, from that recipient. If you weren’t, and the message is calling for you to act either by sending information, clicking on an active link, or downloading an attachment, first ask the IT Service Desk to confirm its legitimacy.
  • Never tick/check enable macros on attachments, unless you explicitly need to and trust the sender.
  • Don’t run a program if you don’t know where it has come from and you have not chosen to install it yourself
  • Do not provide your username and password, especially if you have any concern over the legitimacy of an email

Further advice can be found on the Information Security website section.

https://www.dundee.ac.uk/it/services/security/

Getting help
UoD IT staff are available 09:00-22:00 Mon-Fri and 10:00-22:00 Sat-Sun. Please log a call for assistance via Help4U if you have any concerns.

Phishing Email – I can assist ==

UoDIT is aware of more phishing emails being received by staff at the University.

Example Email below:


 

Subject: I can assist==

Hello,

My Investors living in Oslo is willing , ready to Invest funds into your existing and future Projects.

My Investors will be ready and willing to provide funds to acomplish any serious ,good , genuine and Viable Projects.

Please contact with me directly if you know of any serious Trustee / Individual who can Invest this funds properly into his/ her existing projects.

Contact me via email directly:   rr.os31900@tutanota.com

Thanks and Best Regards
Mr.R.R.Oswald

The University of Dundee is a registered Scottish Charity, No: SC015096


 

Please remain vigilant and please do not click any links in these emails and do not interact with the email if you have received it and delete from your inbox immediately.

Did you click?

  • If you have supplied your credentials or personal information, change your password immediately.
  • If the device you used when interacting with it is University-owned (i.e. a Student / Staff Desktop), please contact the IT Service Desk for advice.
  • If the device you used when interacting with it is your own (i.e. a personal device), we advise that you run an anti-malware software from a reputable source and perform a scan on your device yourself.

Educate yourself
The most common phishing attack method is by emails. These authentic-looking messages, usually called phishing scams, are designed to exploit information from the recipients; either by asking them to reply to an email message or by clicking on a link/attachment within the email.

These emails cannot corrupt your device on its own, you have to interact with it. Think:

  • When you receive an email to your University account, consider if you were expecting correspondence on that topic, from that recipient. If you weren’t, and the message is calling for you to act either by sending information, clicking on an active link, or downloading an attachment, first ask the IT Service Desk to confirm its legitimacy.
  • Never tick/check enable macros on attachments, unless you explicitly need to and trust the sender.
  • Don’t run a program if you don’t know where it has come from and you have not chosen to install it yourself
  • Do not provide your username and password, especially if you have any concern over the legitimacy of an email

Further advice can be found on the Information Security website section.

https://www.dundee.ac.uk/it/services/security/

Getting help
UoD IT staff are available 09:00-22:00 Mon-Fri and 10:00-22:00 Sat-Sun. Please log a call for assistance via Help4U if you have any concerns.

Phishing Email – Document

UoDIT is aware of more phishing emails being received by staff at the University.

Example Email below:


Subject: Document

View and sign important document below from Dundee University

[https://p.sfx.ms/images/icons/v2/smaller/Docx.png]
Document1

View Docusign


 

Please remain vigilant and please do not click any links in these emails and do not interact with the email if you have received it and delete from your inbox immediately.

Did you click?

  • If you have supplied your credentials or personal information, change your password immediately.
  • If the device you used when interacting with it is University-owned (i.e. a Student / Staff Desktop), please contact the IT Service Desk for advice.
  • If the device you used when interacting with it is your own (i.e. a personal device), we advise that you run an anti-malware software from a reputable source and perform a scan on your device yourself.

Educate yourself
The most common phishing attack method is by emails. These authentic-looking messages, usually called phishing scams, are designed to exploit information from the recipients; either by asking them to reply to an email message or by clicking on a link/attachment within the email.

These emails cannot corrupt your device on its own, you have to interact with it. Think:

  • When you receive an email to your University account, consider if you were expecting correspondence on that topic, from that recipient. If you weren’t, and the message is calling for you to act either by sending information, clicking on an active link, or downloading an attachment, first ask the IT Service Desk to confirm its legitimacy.
  • Never tick/check enable macros on attachments, unless you explicitly need to and trust the sender.
  • Don’t run a program if you don’t know where it has come from and you have not chosen to install it yourself
  • Do not provide your username and password, especially if you have any concern over the legitimacy of an email

Further advice can be found on the Information Security website section.

https://www.dundee.ac.uk/it/services/security/

Getting help
UoD IT staff are available 09:00-22:00 Mon-Fri and 10:00-22:00 Sat-Sun. Please log a call for assistance via Help4U if you have any concerns.

Phishing Email — UKPC Parking Charge Reminder

UoDIT is aware of more phishing emails being received by staff at the University.

Example Email below:


Subject: UKPC Parking Charge Reminder ID xxxxxxxx

You’ve been witness summoned to court.  You are hereby summoned to attend to court and produce documents to the court.
It is extremely important that you read the subpoena you received very carefully.
This will state exactly what the procedures will be if you fail to do what is required of you.

Sincerely Witness Care Unit agent Richard Johnson.
Court location and primary information.
In the Central London County Court
19 Jan 2018
Before Mr Justice Mitting
Royal Courts of Justice
Thomas More Building
Court: 3 7
5th Floor
Clerk: Mr. Gavin


 

Please remain vigilant and please do not click any links in these emails and do not interact with the email if you have received it and delete from your inbox immediately.

Did you click?

  • If you have supplied your credentials or personal information, change your password immediately.
  • If the device you used when interacting with it is University-owned (i.e. a Student / Staff Desktop), please contact the IT Service Desk for advice.
  • If the device you used when interacting with it is your own (i.e. a personal device), we advise that you run an anti-malware software from a reputable source and perform a scan on your device yourself.

Educate yourself
The most common phishing attack method is by emails. These authentic-looking messages, usually called phishing scams, are designed to exploit information from the recipients; either by asking them to reply to an email message or by clicking on a link/attachment within the email.

These emails cannot corrupt your device on its own, you have to interact with it. Think:

  • When you receive an email to your University account, consider if you were expecting correspondence on that topic, from that recipient. If you weren’t, and the message is calling for you to act either by sending information, clicking on an active link, or downloading an attachment, first ask the IT Service Desk to confirm its legitimacy.
  • Never tick/check enable macros on attachments, unless you explicitly need to and trust the sender.
  • Don’t run a program if you don’t know where it has come from and you have not chosen to install it yourself
  • Do not provide your username and password, especially if you have any concern over the legitimacy of an email

Further advice can be found on the Information Security website section.

https://www.dundee.ac.uk/it/services/security/

Getting help
UoD IT staff are available 09:00-22:00 Mon-Fri and 10:00-22:00 Sat-Sun. Please log a call for assistance via Help4U if you have any concerns.

 

Phishing Email – IMPORTANT NOTICE!

UoDIT is aware of more phishing emails being received by staff at the University.

Example Email below:


Subject: IMPORTANT NOTICE!

Hello

This is to notify all Students, Staffs of  University that we are validating active accounts. Kindly confirm that your account is still in use by clicking the validation link below:

Validate Email Now

Sincerely IT Help Desk

Office of Information Technology


 

Please remain vigilant and please do not click any links in these emails and do not interact with the email if you have received it and delete from your inbox immediately.

Did you click?

  • If you have supplied your credentials or personal information, change your password immediately.
  • If the device you used when interacting with it is University-owned (i.e. a Student / Staff Desktop), please contact the IT Service Desk for advice.
  • If the device you used when interacting with it is your own (i.e. a personal device), we advise that you run an anti-malware software from a reputable source and perform a scan on your device yourself.

Educate yourself
The most common phishing attack method is by emails. These authentic-looking messages, usually called phishing scams, are designed to exploit information from the recipients; either by asking them to reply to an email message or by clicking on a link/attachment within the email.

These emails cannot corrupt your device on its own, you have to interact with it. Think:

  • When you receive an email to your University account, consider if you were expecting correspondence on that topic, from that recipient. If you weren’t, and the message is calling for you to act either by sending information, clicking on an active link, or downloading an attachment, first ask the IT Service Desk to confirm its legitimacy.
  • Never tick/check enable macros on attachments, unless you explicitly need to and trust the sender.
  • Don’t run a program if you don’t know where it has come from and you have not chosen to install it yourself
  • Do not provide your username and password, especially if you have any concern over the legitimacy of an email

Further advice can be found on the Information Security website section.

https://www.dundee.ac.uk/it/services/security/

Getting help
UoD IT staff are available 09:00-22:00 Mon-Fri and 10:00-22:00 Sat-Sun. Please log a call for assistance via Help4U if you have any concerns.

 

 

Phishing Email — De-Activation Notice

UoDIT is aware of more phishing emails being received by staff at the University.

Example Email below:

Subject: De-Activation NOTICE

Please remain vigilant and please do not click any links in these emails and do not interact with the email if you have received it and delete from your inbox immediately.

Did you click?

  • If you have supplied your credentials or personal information, change your password immediately.
  • If the device you used when interacting with it is University-owned (i.e. a Student / Staff Desktop), please contact the IT Service Desk for advice.
  • If the device you used when interacting with it is your own (i.e. a personal device), we advise that you run an anti-malware software from a reputable source and perform a scan on your device yourself.

Educate yourself
The most common phishing attack method is by emails. These authentic-looking messages, usually called phishing scams, are designed to exploit information from the recipients; either by asking them to reply to an email message or by clicking on a link/attachment within the email.

These emails cannot corrupt your device on its own, you have to interact with it. Think:

  • When you receive an email to your University account, consider if you were expecting correspondence on that topic, from that recipient. If you weren’t, and the message is calling for you to act either by sending information, clicking on an active link, or downloading an attachment, first ask the IT Service Desk to confirm its legitimacy.
  • Never tick/check enable macros on attachments, unless you explicitly need to and trust the sender.
  • Don’t run a program if you don’t know where it has come from and you have not chosen to install it yourself
  • Do not provide your username and password, especially if you have any concern over the legitimacy of an email

Further advice can be found on the Information Security website section.

https://www.dundee.ac.uk/it/services/security/

Getting help
UoD IT staff are available 09:00-22:00 Mon-Fri and 10:00-22:00 Sat-Sun. Please log a call for assistance via Help4U if you have any concerns.

 

 

Phishing Email — Payroll Notification

UoDIT is aware of more phishing emails being received by staff at the University.

 

Subject: Payroll Notification

 


To All Faculty and Staff Members,

1 New Notification Regarding Your Payroll

www.dundee.ac.uk

Best Regards,

The University of Dundee is a Scottish Registered Charity, No. SC015096

  • © University of Dundee

 

Please remain vigilant and please do not click any links in these emails and do not interact with the email if you have received it and delete from your inbox immediately.

Did you click?

  • If you have supplied your credentials or personal information, change your password immediately.
  • If the device you used when interacting with it is University-owned (i.e. a Student / Staff Desktop), please contact the IT Service Desk for advice.
  • If the device you used when interacting with it is your own (i.e. a personal device), we advise that you run an anti-malware software from a reputable source and perform a scan on your device yourself.

Educate yourself
The most common phishing attack method is by emails. These authentic-looking messages, usually called phishing scams, are designed to exploit information from the recipients; either by asking them to reply to an email message or by clicking on a link/attachment within the email.

These emails cannot corrupt your device on its own, you have to interact with it. Think:

  • When you receive an email to your University account, consider if you were expecting correspondence on that topic, from that recipient. If you weren’t, and the message is calling for you to act either by sending information, clicking on an active link, or downloading an attachment, first ask the IT Service Desk to confirm its legitimacy.
  • Never tick/check enable macros on attachments, unless you explicitly need to and trust the sender.
  • Don’t run a program if you don’t know where it has come from and you have not chosen to install it yourself
  • Do not provide your username and password, especially if you have any concern over the legitimacy of an email

Further advice can be found on the Information Security website section.

https://www.dundee.ac.uk/it/services/security/

Getting help
UoD IT staff are available 09:00-22:00 Mon-Fri and 10:00-22:00 Sat-Sun. Please log a call for assistance via Help4U if you have any concerns.