Malicious email containing red button
Click here to show/hide earlier details
Posted: Tue 12 Mar 2019, 8:51am.
Watch out for malicious emails with the subject line: [your name] re: [an area of your work]
These clever phishing emails will seem to be addressed to you, and will mention a subject related to your work.
They include a red "Display message content" button. DO NOT CLICK THIS BUTTON.
Clicking the button will take you to a fake website that looks like a Sussex login page, but the the URL in the address bar will be completely wrong. This will store your login details so criminals can use them.
If you have clicked on ones of these messages, please change your password immediately.
If you've received one of these messages, it does not mean your details have been stolen.
Stay safe online - visit the ITS website and read our Top 10 Tips for online security.
UPDATE: 14 Mar 2019 - 9:55am
Staff and students at Sussex are still receiving messages from the clever, malicious email campaign that’s targeting the University.
You can spot these messages by looking for:
- No actual content in the email itself
- A red or green button that you need to click to “view the message” or “display message content”
- A fake due-date (for example “open before Friday”)
- The sender will generally not be a genuine @sussex.ac.uk address.
However, some people have now given away their login details by following the link and typing their password into a fake website. As a result, some Sussex accounts are being used to send these phishing emails.
The subject line will often mention something related to your work or studies. Please be vigilant for more of these attacks and please help us raise awareness with students and staff.
Please reset your password IMMEDIATELY if you think you may have given away your login details. Changing your password regularly is good security practice.
Staff in ITS are actively monitoring the situation and blocking websites used by the criminals.
Stay safe online - visit the ITS website and read our Top 10 Tips for online security.