Warning about scam messages purporting to be from senior members of staff
26 May 2021
A reminder to always remain vigilant of ‘phishing’ emails and messages.
We recently received a report of a scam email sent to a student. It appeared to be from a senior member of University staff, but it was actually sent from a non-University email address. In this case, the real email address was visible when hovering the mouse over the displayed sender details.
This email said “I want you to handle a short but urgent task for me, Reply with your WhatsApp number and look forward to my message. Kind Regards.”
This is a typical characteristic of some scams, where the recipient is led to respond to something urgently, before having chance to think about what they are being asked to do. Such techniques are used by scammers to mislead people into spending significant amounts of money on online services or vouchers (which are difficult to trace).
No member of staff will ever make a request like this.
While we have filters in place to block unwanted and malicious email, some of these messages do get through occasionally. We are continually improving the University’s junk mail filtering service.
What is phishing?
Phishing messages are emails that try to trick people in to giving out personal information or visiting fake websites. Responding to a phishing attack can:
- Release your personal details to someone who may use them fraudulently,
- Cause financial loss,
- Expose your passwords, meaning that someone else may be able to access your emails, documents, social media sites and other online resources, and may be able to delete files or send malicious messages from your account,
- Encrypt your files and folders, demanding that a 'ransom' fee is paid to get them back,
- Stop a computer from working completely,
- Infect other systems and networks.
Advice:
- If you receive a phishing email, report it as soon as possible .
- If you have any concerns at all about the safety of your University IT account, please contact the IT Support Centre immediately. Please use the 24/7 phone line (0161 306 5544) where possible.
- If you have told anyone else your password, you must change it immediately using the IT Account Manager at https://iam.manchester.ac.uk/. The only person who should know your password is you.
- Even if you’re not sure about an email – contact the IT Support Centre ; we want you to be safe. If it just doesn’t look right, we want to know.
- Report fraud to the ActionFraud police site.