Working from home during the current COVID-19 pandemic has created additional security risks with criminals attempting to obtain usernames, passwords, information and money through email, text messages, or scam phone calls.
All these fraudulent communications are usually unsolicited, meaning you’ve been contacted out of the blue. Staff and Students at the University are advised to stop and think before providing any details, even if an email or phone number looks legitimate at first glance.
The Computing Services Department (CSD) uses sophisticated spam filters to prevent a huge amount of suspect emails getting through to our staff and students, but inevitably some make it into our inboxes. CSD need everyone to remain vigilant and be aware of how to spot a scam in all its forms.
There are a number of phishing attempts in circulation at the moment. Here’s what you should be looking out for.
We are all poised for new information on the Covid-19 pandemic, and as such, we are ripe targets for scammers pretending to “update” us on the situation. These emails often look like they come from someone in the University, perhaps your line manager or HR, but if you click on the address the scam email came from, you’ll often see if doesn’t end in @liverpool.ac.uk. These emails might ask you to log in to read the latest updates, and they will direct you to a page that looks almost identical to the University’s webmail page. Remember to always look at the URL (web address) in the address bar to make sure you’re on a legitimate University website.
What to do
Don’t click on anything. If you receive an email like this and you’re suspicious of its origins, you can contact the supposed University sender by sending them an email via the University’s global address list to confirm the validity of the email. Don’t reply to the email you received. Always check the URLs in the address bar of a site you have been directed to. Don’t input any usernames or passwords. You can get all the latest Covid-19 updates from the University on the staff intranet: liverpool.ac.uk. Also remember the CSD Service Desk are always available via servicedesk.liverpool.ac.uk to answer any questions or concerns you might have about an email.
This is one of the most common email scams. It tells you you’ve used a large amount of your email storage space and you need to “click here” or “log in” to request to adjust your mailbox storage or prevent your emails from being deleted. This is designed to make you panic, often resulting in the recipient divulging details or clicking links without taking the time to read the email properly.
What to do
CSD provides all University email accounts with 50GB of space. So you’d need to store at least 10 000 high-quality photos or 10 full length, HD quality movies, in your inbox, to reach your limit. It’s extremely unlikely that you have reached your limit. If you receive an email like this, or you’re concerned about your email storage limit, contact the Service Desk at liverpool.ac.uk before clicking anything.
This is another scam designed to scare you into giving up your details. This email tells you your Outlook Mailbox Security System is outdated and disabled, therefore leaving you vulnerable to unsolicited and scam emails. But in fact, this is the fraudulent email! It sometimes also tells you if you don’t update/click on the link, you will not be able to send messages anymore.
Don’t click on anything and don’t enter any personal details. If you hover over any links (most probably highlighted in blue) that you’re being asked to click on, you’ll see it’s directing you to a site not linked to the University. Report the email to CSD and delete: https://www.liverpool.ac.uk/csd/security/email-security/reporting-emails/
A fraudster impersonates your line manager or a colleague in your department, then sends you an email asking you to buy a gift card or voucher with a promise to reimburse you once they’re back in the office.
The clue is in the email address. Scroll over or click on the name of the email sender to view the full email address. Look out for numerals used instead of letters (for example, a zero is used instead of the letter O). Anything ending in @gmail.com, @outlook.com, or @btinternet.co.uk is most likely not a legitimate email from a University colleague. Most importantly, if an email seems suspicious in any way, don’t reply. Contact the person you think the email is from using the Global Address List (GAL) in Outlook, or via their University phone number, to confirm the request.
Recently an email was sent to a number of University members, purporting to be from the CSD Service Desk. This email asked users to click on the “Your incident” link to provide feedback. In fact, the link directed readers to a fake site attempting to steal your MWS credentials.
First thing to do is not click on anything until you know where it’s going to take you. If there’s a hyperlink (usually in blue, underlines text) that you’re being asked to click, hover over it with your cursor. A preview of where that link will take you to should pop up in a white box. If it’s not a University page or a recognised website, don’t click on it. If you have clicked on it accidentally, don’t panic. Just remember – don’t enter any details such as usernames, passwords or personal details on the page it brings up.
Phishing attempts are evolving at a rapid rate, and it is becoming increasingly difficult to tell the difference between a genuine email and a scam. Here are some other clues to look out for in unsolicited email:
CSD are committed to protecting the University’s staff, students and data from phishing attempts. The University needs everyone to be vigilant and careful, and report anything suspicious before taking any other action. Further information is available at: https://www.liverpool.ac.uk/csd/security/email-security/reporting-emails/
All recent news
Virtual events and activities to take part in this week: 26 – 31 May 2020
Student Services launch survey to help improve wellbeing support for students
Obituary: Benny Pollack
Risk factors associated with severe and fatal cases of COVID-19 identified
Architecture academics on the view from your lockdown window
In our NEW blog @MeredithCrowle1 and Dr Lu Han look at whether 'level playing fields' will derail the Brexit negotiations.
READ it here 🔻
@stjohnscam @Cambridge_Uni @UoLManSchool @LivUni @livuninews
Our Developmental Economist, Dr @SGarikipat @UoLManSchool is distributing food and other resources to #India's migrant labourer families and individuals cut adrift by #COVIDー19 - can you help?
1/ Today, we are launching our 10th COVID-19 Policy Brief with @LpoolCityRegion, a paper by Alex Nurse & Richard Dunning, Planning Lecturers @livuniplanning, entitled ‘Cycling & walking - a faster route to a safer & stronger Liverpool City Region’