By Patrick Sullivan, Co-Editor-in-Chief
Students and staff should avoid clicking on links from emails reading ‘Message clipped. View entire message’.
On the morning of 22 May, several emails were received by both students and staff reading ‘Message clipped. View entire message’.
At 9.26am, IT Service Help Desk sent out a status update, informing students: ‘We are aware the University is being targeted by an increased amount of phishing. If you receive an email from a colleague that asks you to click to view the entire message please delete it.
'If you have clicked and entered details please contact the service desk at email@example.com or phone [0117 42] 82100’
The format of the email differs from the previous attacks in December and March respectively. Both of those sets of emails featured coloured buttons instructing recipients to ‘Display message’.
In the case currently affecting University members, the link is embedded in text. The format of the email subject is also different, with some remaining blank while others retrieving subjects of past, legitimate emails, such as ‘grp-Project & Event Planning’. The latter is a tactic used before to gain the trust of recipients.
The emails are, however, using compromised University accounts, as the previous two notable incidents. In December, around 450 accounts were confirmed as being compromised. Figures have not yet been confirmed for the breaches in March or May.
Students and staff should take extreme caution with their personal details if they suspect an email is dangerous.
Update: In an email later on 22 May to all students, Information Security Manager, Matt Osborn, said: 'IT Services is actively working to stop further messages of this type reaching your inbox. We are also dealing with accounts that may be compromised and supporting those who have entered details.
We take specific measures to reduce the effectiveness of these scams, but we can’t guarantee that you won’t receive them. Your awareness of these messages, how to spot them and how to report them is crucial in further reducing their impact on you and the entire University.'
For information on how to identify and deal with phishing emails, the University has the following information page: http://www.bristol.ac.uk/infosec/protectyou/idtheft/phishing/
If you have clicked on a link and entered your details as prompted by one of these emails, please contact the IT Service Desk via email at firstname.lastname@example.org or phone on 0117 428 2100.
Featured Image credit: Unsplash / Taskin Ashiq
Are you worried about the increasing cyberthreats to the University?