Students Staff

8 March 2019

New phishing campaign

Filed under: Latest news — ckeitch @ 10:38 am

The National Cyber Security Centre have advised of an ongoing, widespread phishing attack, with a high success rate which is propagating at speed across the UK.

If you receive an email which contains a green or blue button don’t click the button. Forward the email, as an attachment, to spam@essex.ac.uk and then delete the email.

Some green and blue buttons

An example of the buttons used in the campaign.

 

 

 

 

 

 

 

 

 

 

Attack Details

  • A user is sent an email which contains a green or blue button – see samples
  • The e‐mail is usually from a legitimate and known email account
  • Often, the user will have recently exchanged emails with the account
  • The email subject line often mirrors a recent email exchange
  • The malicious email contains either a green or blue button
  • Underneath the button, there may be additional text which changes
  • The user is encouraged to click the green or blue button
  • If the user clicks this button they are redirected to a fake, but highly realistic, login page which asks for your username and password.
  • Accounts have been compromised simply by clicking the link i.e. without entering your username and password.

Countermeasure

  • Don’t click the button, or anywhere on the email
  • Forward the email, as an attachment, to spam@essex.ac.uk
  • Delete the email

If you clicked the button…

Change your password using a different computer i.e. not the one you clicked the button on.

If you need further advice contact the helpdesk@essex.ac.uk.

Leave a Reply

Your email address will not be published. Required fields are marked *

The University of Essex will moderate comments and there will be a delay before any posts appear.