Email: Malicious eml file attachment

Incident Report for Cardiff University

Resolved

Various different forms of scam email will continue to be received by members of the University, including ones with malicious eml files attached.
You are encouraged to familiarise yourself with good practise on scrutinising emails to make an informed judgement on the trustworthiness of incoming emails. For more information, search the Intranet for scam emails
Posted Jun 23, 2025 - 10:05 BST

Monitoring

We have identified a series of emails being sent to members of the University which contain a malicious eml file attached.
The subject of the email and the name of the attached file can vary, but the attached file ends in .eml
If the malicious eml file is opened it can affect your email and also trigger a mutated version of the email to be sent on to your contacts.

Steps have been taken to mitigate and intercept delivery of these emails, but if anyone receives an unexpected email particularly with an eml file attached they should not open the attachment and should report the email using the Report button.

If anyone opened the eml file attachment they should contact the IT Service Desk by telephone without delay.

More information on scam messages, how to spot them, and what action to take, is available by searching on the Intranet for "scam messages"
Posted Jun 10, 2025 - 10:33 BST