University email accounts victim of a “major” phishing attack

The link in the email is blocked to those on campus, but not those away from the University

In an attempt to acquire sensitive and confidential information, an external source is sending University of York email accounts a message with the subject line “Your York email account will expire within the next 12 hours” that asks recipients to follow a link and enter their york.ac.uk account details.

The email reads: “Your York email account will expire within the next 12 hours. Order to remain active, Use the following link to update your account. Thank you our York Email Service.”

Students are being encouraged not to follow any links in the email and to mark the email as “phishing” in Gmail.

Students who have opened the link and entered their information are advised to change their password immediately and follow these steps:

1. Go to Details (bottom right corner) to see recent account activity. Click on “Sign out of all other sessions”.
2. Click on the cog icon in the top right and go to Settings – General:
   - Check that your signature and out of office autoreply settings have not been tampered with – if they have, then change them back
3. Settings – Accounts:
   - Remove any email accounts from these two sections that you did not add yourself
   - Check that your display name hasn’t been changed – if it has, use “edit info” to change it back
4. Settings – Filters and Blocked Addresses:
   - Delete any filters that you did not create yourself
5. Settings – Forwarding and POP/IMAP:
   - Remove any forwarding addresses that you have not added yourself
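
The checks in steps 2 to 5 above, applied by script to a snapshot of one mailbox's settings, as an added example that is not part of the original article. The dictionary keys follow the Gmail API settings resources; the `audit_mailbox` function, the `expected` baseline and all sample addresses are hypothetical and constructed for illustration.

```python
# Added example; input shape assumed to mirror the Gmail API settings resources.

def audit_mailbox(snapshot, expected):
    """Return sorted (step, finding) pairs for settings the owner did not make."""
    findings = []
    own = {a.lower() for a in expected["addresses"]}
    vacation = snapshot.get("vacation", {})
    if vacation.get("enableAutoReply") and not expected["auto_reply_on"]:
        findings.append((2, "auto-reply is on: " + vacation.get("responseSubject", "")))
    for alias in snapshot.get("sendAs", []):
        addr = alias["sendAsEmail"].lower()
        if addr not in own:  # step 3: an account the owner never added
            findings.append((3, "unknown send-as address " + addr))
            continue
        if alias.get("signature", "") != expected["signature"]:
            findings.append((2, "signature changed on " + addr))
        if alias.get("displayName", "") != expected["display_name"]:
            findings.append((3, "display name changed on " + addr))
    for flt in snapshot.get("filters", []):  # step 4: filters the owner did not create
        if flt["id"] in expected["filter_ids"]:
            continue
        action = flt.get("action", {})
        effects = [e for e, hit in (
            ("forwards to " + action.get("forward", ""), "forward" in action),
            ("deletes", "TRASH" in action.get("addLabelIds", [])),
            ("skips inbox", "INBOX" in action.get("removeLabelIds", [])),
        ) if hit] or ["other action"]
        findings.append((4, "unknown filter %s: %s" % (flt["id"], ", ".join(effects))))
    targets = {f["forwardingEmail"].lower() for f in snapshot.get("forwardingAddresses", [])}
    auto = snapshot.get("autoForwarding", {})
    if auto.get("enabled"):
        targets.add(auto.get("emailAddress", "").lower())
    for target in sorted(targets - own):  # step 5: forwarding the owner did not add
        findings.append((5, "unknown forwarding address " + target))
    return sorted(findings)

# Constructed baseline: what the mailbox owner knows they set up themselves.
EXPECTED = {"addresses": ["abc123@example.com"], "display_name": "A. Student",
            "signature": "", "auto_reply_on": False, "filter_ids": {"f-own"}}
SNAPSHOT = {  # constructed sample of a mailbox whose settings were tampered with
    "vacation": {"enableAutoReply": True, "responseSubject": "Update your account"},
    "sendAs": [{"sendAsEmail": "abc123@example.com", "displayName": "Email Service",
                "signature": ""}],
    "filters": [{"id": "f-own", "action": {"addLabelIds": ["Label_1"]}},
                {"id": "f-new", "action": {"addLabelIds": ["TRASH"],
                                           "removeLabelIds": ["INBOX"]}}],
    "forwardingAddresses": [{"forwardingEmail": "drop@example.net"}],
    "autoForwarding": {"enabled": True, "emailAddress": "drop@example.net"},
}
if __name__ == "__main__":
    print("\n".join("step %d: %s" % f for f in audit_mailbox(SNAPSHOT, EXPECTED)))
```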

It is currently unclear where the email has come from or how the hackers have contacted the University email database en masse. IT co-ordinators have described the attack as major.

Students are encouraged to familiarize themselves with the risks of phishing on this information page on the University’s website (http://www.york.ac.uk/it-services/security/spam/) and to contact [email protected] with any concerns.

6 comments

  1. “From an external source” – uh, no. My phishing email came from ect509 @ york . ac . uk, which is an address belonging to a student. I checked my york email address book and the name was right there.

    “It is currently unclear where the email has come from…” – again, from a compromised student account. Pretty clear.

    “…or how the hackers have contacted the University email database en masse.” The Gmail address book available to everyone with a York email account.


    • 23 Mar ’16 at 9:53 pm

      Liam Mullally

      Everyone is receiving them from different accounts. It is likely that compromised accounts are being used to help spread the email and mask its origin.


  2. How would I change my password?


  3. “Your York email account will expire within the next 12 hours. Order to remain active, Use the following link to update your account. Thank you our York Email Service.”

    Can we name and shame the Russell Group students who fell for such obvious bait?


  4. 29 Mar ’16 at 5:12 pm

    Joseph Ballard

    Thought something smelt “phishy”

