Email: Malicious eml file attachment

Incident Report for Cardiff University

Monitoring

We have identified a series of emails being sent to members of the University which contain a malicious eml file attached.
The subject of the email and the name of the attached file can vary, but the attached file ends in .eml
If the malicious eml file is opened it can affect your email and also trigger a mutated version of the email to be sent on to your contacts.

Steps have been taken to mitigate and intercept delivery of these emails, but if anyone receives an unexpected email particularly with an eml file attached they should not open the attachment and should report the email using the Report button.

If anyone opened the eml file attachment they should contact the IT Service Desk by telephone without delay.

More information on scam messages, how to spot them, and what action to take, is available by searching on the Intranet for "scam messages"
Posted Jun 10, 2025 - 10:33 BST