Skip to content
Open menu Close menu

Current Threats

Examples of phishing appear below.

The problem of phishing emails and how to recognise them

People (both internal and external) have been receiving emails that look like they have been sent from real University email addresses, including the University of Bradford. There are a variety of formats - some requesting invoices to be paid, and others asking for information. These malicious, yet friendly-looking emails are intended to get information and steal money from unsuspecting individuals.

They are spoofed emails (a type of email phishing attack), where the sender has changed parts of the email to make it look like it's been written by someone else and sent from a legitimate source.

The University cannot stop its email addresses from being spoofed and cannot block all spoofed emails. This means that we must rely on people being vigilant when opening and relying to emails. If someone replies to one of these emails it may result in them giving away sensitive information and potentially succumbing to identity theft or losing money.

It also affects the University’s reputation because the email address appears to originate from the University of Bradford.

If you are in any doubt that an email is truthful or that the sender is legitimate, don’t click on the link! See these 10 tips on how to identify a phishing or spoofing email.

1. Don’t trust the display name

This can be spoofed. A fraudulent email can appear to be legitimate because most inboxes only show the display name. Don’t trust the display name.

2. Look but don’t click

Hover over any links in the email. If the link address looks strange, don’t click on it. If you want to test the link, open a new window and type in the website address, rather than clicking on the link in the email.

3. Look for spelling mistakes

Legitimate messages usually do not have major spelling mistakes or poor grammar.

4. Analyse the greeting

Is the email addressed to a vague "Valued Customer”? If so, be careful - legitimate businesses usually greet you personally with your first and last name.

5. Don’t give your personal information

Legitimate banks and most other companies will not ask for personal details via email. Don’t provide them.

6. Beware of urgent or threatening language in the subject line

Beware of subject lines that claim your "account has been suspended" or your account had an "unauthorised login attempt". Invoking a sense of urgency or fear is a common phishing tactic.

7. Review the signature

Legitimate companies always provide contact details.

8. Don’t click on attachments

Including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal passwords, or spy on you without your knowledge. Don’t open email attachments you aren't expecting.

9. Don’t trust the header from email address

Fraudsters not only spoof brands in the display name, but also spoof brands in the header from email address.

10. Don’t believe everything you see

Phishers are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address does not mean that it’s legitimate. Be sceptical when it comes to your email messages - if it looks even remotely suspicious, don’t open it.

If you've received a phishing email

If you've received a phishing email, please forward it to misuse@bradford.ac.uk and add 'phishing?' to the beginning of the subject line.

Examples of phishing

A number of people across the University have received an email similar to the one in the image below, which asks you to sign in to see a summary of your salary. This is a phishing email and the link in it goes to a web page that looks very much like MyView. Do not sign in to this web page - If you do, your username and password will be stolen and used to access MyView by criminals to change your bank details or collect other personal information.

Salary summary phishing email.

Below is a screen shot of a known phishing email (added 26 July 2017)

Phishing email Invoice

 

Below is a screen shot of a known phishing email (added 18 July 2017)

Phishing email Microsoft Outlook  

Below is a screen shot of a known phishing email (added 6 July 2017)

Phishing O2

 

Below is a screen shot of a known phishing email (added 27 June 2017)

Phishing email subject line security threat level

 

Below is a screen shot of a known phishing email, with the subject line: 'Your May Salary Issue':

Phishing email with the subject line: Your May Salary Issue.

Below is a screen shot of a known phishing email, with the subject line: 'Conf #55246-976-6' which contains an attachment:

Phishing email with the subject line: Conf #55246-976-6

Below is a screen shot of a known phishing email, with the subject line: 'Urgent Notification (Protect yourself from Fraud':

Phishing Email with the subject line: Urgent Notification (Protect yourself)

Below is a screen shot of a known phishing email, with the subject line: 'Your email address is no longer active':

Phishing email with the subject line: Your email address is no longer active

Below is a screen shot of a known phishing email, with the subject line: 'Problem with your membership':

Phishing email subject line Something wrong with your account