We have been made aware of a new type of malicious email targeting our users and users at other educational institutes.
The script propagates itself by sending an email to a person’s contacts. Technical Services have confirmed that some EDC users have received versions of the email already, and similar attacks have been confirmed at other institutions as well. If received, users should delete the E-Mail.
How does it work?
A person receives an email from a contact (may be a contact at another university or school). The email says that the message cannot be displayed, and contains a button with the label similar to “Display Message” If the “button” is clicked, the user is taken to a website, which will attempt to load a malicious script. If the script is successfully loaded, then it will use the person’s own contacts to send out more emails of the same kind.
What does it look like?
The email subject line will often appear as if the email is part of a continuation of a conversation. The subject line may start with a “Re:” and may be about a variety of activity, anything from school activity (admissions, student clubs, scholarships) or general online activity (shopping, job applications, banking, etc.)
If you hover your mouse over the link you will see it's destination:
If you do not recognise the URL please do not click it and do not forward the message on. Please ring Technical Services on 8227 if you are still unsure.
Due to the changing nature of this attack, it is very difficult to prevent so please be extra vigilant when clicking on links in E-Mails.
If you're not sure about any E-Mail you receive, especially if you're not expecting it, please use the report message add-in located on the far right of your menu ribbon in Outlook to report the message to Microsoft.