IT services status

Find out the current status of IT services at the University of Bath

Topic: Phishing

Phishing Email titled: IT HELP DESK


📥  Phishing, Scams, Security

We are getting reports of a phishing email being sent to students and staff.

This is fake. Please ignore and delete this email. Please do not click any links or send any personal information.

If you are concerned about an email you are sent, you can forward it to: and the team will advise.

Example of the email:

subject: IT HELP DESK

Due to recent upgrades on our servers.  Your 5 (Five) incoming Emails are on hold. Please validate below to retrieve your email

Click here to retrieve and update your email account.

We are sorry for the inconvenience.



RE: New Outlook Update phishing, 7 September 2016

📥  Phishing

Staff and students should delete the phishing email whose subject line reads

RE: New Outlook Update.

If you followed the link in the email, please change your password.

Content of phishing email so you can recognise it and delete straight away

Welcome to the new outlook web app for Staff and Students
The new Outlook Web app for Staff/Student is the new home for online self-service and information.

Click on Login here[a link in the email] and login to:

·                     access the new staff directory

·                     access your pay slips and P60s

·                     update your ID photo

·                     look up student records using the contact search facility

·                     use our quick links at the bottom of each page to help you find relevant tools and information


Students: Phishing email requesting you to update your student loan details

  , ,

📥  Phishing

The sumer term might be at an end but phishing scams are still happening.

We have been made aware of a phishing scam targeting students by requesting that they update their  personal information  in order to get their next student loan payment, this is a fake email. Please do not click on any links or enter any personal information.

Please note:

  • If you have given your bank account details or other financial information to an email of this type, Contact your bank immediately
  • If you are on campus, visit the IT Service Desk, on level 2 of the Library for advice. Alternatively, contact them via the help form
  • You will never be asked for your personal information, such as your bank details or password, via email.
  • If you are worried about an email, please forward the email to and our security team will advise you.

Futher information about phishing attacks and what to do, can be viewed on our website.

Many thanks

IT Literacy.


Fake email about Webmail

  , ,

📥  Phishing, Scams, Security

We have been alerted to an email that has been sent to some users within the University entitled "Account Lock Notice" which states that your webmail account has been locked due to too many login attempts. The links in this email take you to a site that asks for your login details.

This email has not come from us so please don't click on any of these links. If you are concerned about an email you have received you can always email and the security team will verify this for you. We have reported the fake site to Google Safe Browsing.

Read our advice on dealing with phishing emails.


Password Change Request

  , , ,

📥  Phishing, Security

Recently a number of members of the University community received a phishing email which requested personal details as well as their University user name and password, leaving those who responded exposed to identity theft. As a precautionary measure Computing Services have contacted those affected and requested the password on their University computer account is changed.

Please check your University / Personal email and if you have received this email please follow the guidance within to change your password.

Accounts which have not had their passwords changed by 31st May 2016 will automatically have their passwords scrambled.

If you have any queries or experience difficulty changing your password please visit the Computing Services Service Desk on Level 2 of the library.

Please note when you change your password you will need to update any devices you have set to autmatically download email or connect to Eduroam.

Top Tips for Internet Security

  1. The University will not ask you for your bank account details in an email.
  2. Don’t click through from links contained in an email, ensure you copy and paste the link into your web browser
  3. The University will only ask you to enter your user name, password and personal information into secure web pages hosted on the domain
  4. Does the From: addresses match the organisation represented, e.g. appear to be from another university but claim to be the University of Bath
  5. When you hover over a link does it match the displayed organisation

Further information and guidance can be found on our malicious emails web page.


Stay safe new phishing email to be aware of


📥  Phishing

There is a new phishing email to look out for. The good news is, we've managed to catch it early. Please don't click on any of the links and if you are concerned you can always email and the security team will verify an email for you. You can read our phishing email advice here.


Subject - Dear Mailbox user




Please Go to:> Phishing link>  on your browser to Update your password immediately.


Call the Support Centre-HELP for information about any OWA Gateway service


Staff Incident Report No: 890028371

Case ID: 67MDC-7911

Group: Faculty/Staff

Admin Key: XXX06273



end of email

This is a fake email. Please remember never to click on any links or enter your personal information. We will never ask for your password via email.



Please be aware of further phishing attacks


📥  Phishing, Security

Following on from the 'grant offer' phishing attack we reported earlier this week, we have received reports of another attempt this time targeting the old webmail sign on page and verifying credentials. Please be aware that all staff and students should now have migrated to Exchange and so please do not enter your password or click any links.

 Below is an example of the phishing email:

Subject: Beware EMail security Alert!

Dear User,

There has been an automatic security update on our Bath University Administrative Server system, Please use the direct link below to validate your WebMail account.

CLICK HERE: [LINK to phishing page]


Copyright © 2016 University of Bath. All rights reserved IT Support &  Web Desk Computing Services (this is a fake phishing link).


What if I have submitted the form?
You must reset your password immediately if you are unsure of how to do this or you are unable to access the tool please visit the IT Service Desk on Level 2 of the Library for assistance.

You can also read the University of Bath phishing information, which gives further advice. You can also forward phishing or emails you suspect are phishing  emails to:



Students - beware of 'Grant' phishing emails

  , , ,

📥  Phishing, Scams, Security

Students have recently received phishing emails purporting to be from the University Finance Office. You should not click on the link within these emails.

Some of our students have reported they have received false emails pretending to be from the University Finance Office, advising them they are entitled to receive a financial grant. We have also had reports that some students who entered bank details and personal information have had money taken from their bank accounts.

  • If you have provided any financial (bank details or credit card details for example) or personal information in response to this email please contact your bank or card provider immediately to advise them that you have been the victim of a fraudulent email scam to obtain your financial details. They can take steps to protect you and your financial information. Do not wait to contact us before doing this.

Please  change the password on any accounts that you have signed up for using the email address that this phishing email was sent to.

These emails are fake and can be spotted as they have not been sent from a University of Bath email address.

The emails contain the following message:

Dear University Member,

Following the meeting by the university with the Government with regards to support for student  and staff research purposes, we are pleased to let you know that Study-Support fund has been awarded to the university by the government.

You qualify to receive the support/grant. To ensure that you receive your grant promptly, you are required to submit your details via the web link below.

Grant Information link

Please click on the link above or copy and paste it into your browser to submit your details.

You will be contacted via your registered address with the university on grant has been successfully processed.


Finance Department

University of Bath

You should not click on the link inside the message as this leads to an insecure website asking you to supply personal and banking information which could be used to carry out identity and financial theft.

What if I have submitted the form?

You must reset your password immediately if you are unsure of how to do this or you are unable to access the tool please visit the IT Service Desk on Level 2 of the Library for assistance.

You can also read the University of Bath phishing information, which gives further advice.


Four current phishing attacks all contain malware, 12 January 2016


📥  Phishing

Delete any of the current spate of phishing emails which all contain malware.   Please see the examples below so you know what to look out for.  The malware act in different ways so get in touch with our IT Help if you did open any attachments.

Subject Lines

Subject: Past due report

Subject: AQR Transaction (or some 3 other  capital letter reference)

Subject: FXR Invoice (or some 3 other  capital letter reference)

Subject: NS Transfer (or some other 1 or 2 capital letter reference)

Subject: MD Transaction

From Addresses

These change so we cannot provide a definitive list.  We have provided examples below so you know what to look out for.


Attachment – Customer_PAST_DUE_DATE####.doc (331KB



From: Micah Hutchinson []

Sent: 14 January 2016 06:24

To: Recipient

Subject: Fw: MD  Transaction

Good Day

Please see the report in attachment. In order to avoid fine for delay you need to pay within 24 hours.

Kindest regards

Micah Hutchinson


-----Original Message-----

From: Bob Hahn []

Sent: 11 January 2016 16:03

To: recipient

Subject: Past due report

Importance: High


Please let me know when we can expect payment on the past due invoices. I attach it.




Bob Hahn | Solutions Salesperson

C:  301-442-6970 | P: 301-276-2075 | F: 301-386-0275




Attachement – RANDOM_STRING(13charcter).doc  (229KB)


From: Cheyenne Juarez []

Sent: 12 January 2016 07:06

To: Recipient

Subject: Fw: AQR  Transaction




Please find the receipt enclosed with this email. The Transfer should appear on your bank in 48 hours.


Kind regards

Cheyenne Juarez



Attachment -  random_string (10Character).doc (212KB)



From: Galena Evans []

Sent: 12 January 2016 05:59

To: Recipient

Subject: Fwd: FXR  Invoice


Good Day


Please review the invoice attached to this email. The Transaction will be posted on your bank in one day.


Best regards

Galena Evans





Attachment -  random_string (10Character).doc (237KB



-----Original Message-----

From: Shea Stone []

Sent: 12 January 2016 07:48

To: Recipient

Subject: NS Transfer




Please review the payment confirmation enclosed with this message. The Payment will be posted on your account within 24 hours.


Best regards

Shea Stone



Phishing attempt - change password


📥  Phishing

We have been made aware of a phishing email claiming to be from Weebly. This is fake please do not enter your details. If you have already entered your details find out what to do next.

Below is an example of the email:

subject: attn

Important Announcement to all Staff




Click here: Staff-Online <url>