March 10, 2017, by Aleisha Turner

Universities targeted by HR Phishing Campaign

The City of London Police have notified us of a phishing campaign that seeks access to HR and payroll systems.

Convincing University-branded emails, some containing salary increase promises, are being sent to University staff across the UK.  These emails direct staff to landing pages that are convincing copies of University intranet/HR portal login screens. Login credentials are then collected by fraudsters who use them to change bank details and divert staff pay to third party bank accounts.

University of Nottingham staff have already been targeted. The example below is taken directly from an email received by a University staff member.

Information Services, HR and Payroll will never ask you for login credentials or prompt you to update personal data via email. Visit our Cyber Security webpages for more information about how to handle phishing emails.


Posted in Cyber Securityphishing