Update: Subject has now changed to “Important Task” and the originating email address has changed to executivegroup122@gmail.com which is also now blocked.

 

hacker

We have been receiving new reports of a phishing  email making it into University inboxes. We had many reports of this particular issue so we could react quickly to the threat. On investigation, it turned out that nearly 500 emails have been sent to UoR staff. Our Security team has blocked the malicious email address executivesgroup122@gmail.com and any emails that have not yet been delivered are being quarantined so they do not reach any more inboxes.

Subject: “Key Task”

The email claims to be from a senior member of the University, but actually comes from the email address “executivesgroup122@gmail.com“. It has a subject line “Key Task”, and the content is targeted to you personally, using your name and your Head of School

[name], do you have a moment? I’m heading into a meeting with limited communication access. So just reply by email.

The email asks you to email back urgently. If you do this, you will then be asked to purchase gift cards.

GREAT! Here’s what i want you to do for me because I’m a little busy right now. I have been working on incentives and I aimed at surprising some of our diligent department staff with gift cards this week. This should be Confidential until they all have the gift cards as it’s a surprise and you will keep one for yourself too. I want you to pick the gift cards for me and I will refund you once am done.

Can you get this done today?

Do not follow these instructions, you will lose your money!

What do I do if I receive one?

Do not reply to this email as it could damage your work and computer and may make your private details vulnerable. Never engage with a suspect email.

Watch out: read the email warning banner!

We recently introduced a warning banner on emails if it isn’t from a usual source e.g. [you don’t usually get emails from xyz@abcemail.com Learn why this is important at https://aka.ms/LearnAboutSenderIdentification]”

This was introduced to alert you to the email originator, and is especially useful for spotting phishing or spoof emails such as this, where the email signature is not the person sending the email.

What to do if you’re worried

If you are concerned about this email or other similar emails then please call ex.6262 or go to reading.ac.uk/dts to raise a ticket.

If you are worried about your account, you should reset your password.

If you are a member of staff whose students are reporting this to you we strongly recommend that they change their password via Microsoft.

For tips on keeping yourself and your information safe online, visit our web page on Cyber Security.