Phishing Email: MyCardiff_StaffPortal attachment
Incident Report for Cardiff University
Resolved
This incident is now resolved.

Anybody who is concerned they may have been affected by disclosing personal information is encouraged to utilise the UK's national Action Fraud resource, which can be found at https://www.actionfraud.police.uk
Posted Sep 14, 2022 - 11:59 BST
Monitoring
Instances of the phishing email have been removed, and the website attempting to trick users into disclosing personal information has been blocked on the University campus network, when the link is opened in Office 365, and by the University's Sophos anti-virus software.

Anybody who is concerned they may have been affected by disclosing personal information is encouraged to utilise the UK's national Action Fraud resource, which can be found at https://www.actionfraud.police.uk
Posted Aug 02, 2022 - 16:00 BST
Update
Information is available on the intranet on how to spot and respond to phishing emails:
Staff intranet - https://intranet.cardiff.ac.uk/staff/supporting-your-work/it-support/security-and-scams/scam-emails
Student intranet - https://intranet.cardiff.ac.uk/students/it-support/security-and-scams/scam-emails

• Telephone the IT Service Desk urgently if you have entered your username/password into a fake login site, or if you have opened a suspect attachment on an email. Do not email the IT Service Desk in these situations; instead, telephone them or use live chat, as a speedy response can be important
• Inform IT about a suspected phishing email by using the Report Message button within Outlook - there is no need to email IT or forward the phishing email in addition to this
Posted Aug 02, 2022 - 11:07 BST
Identified
We are aware that a number of users have received a phishing email relating to a fictitious staff portal.

These phishing emails have a subject line similar to "PLEASE READ: Important Message" and seem to come from support@minekc.com. The email refers to an important message from Staff Portal, and asks that the attachment on the email be opened to proceed. The email has an attachment named MyCardiff_Staff_Portal.html which ultimately prompts for username and password.

Work is already underway to find, remove, and block these malicious emails, along with any web addresses they link to.

Search for "Scam emails" on the staff or student intranet for information on how to spot phishing and scam emails, how to report them, how to get help from IT if affected, and how to stay safe online.
Posted Aug 02, 2022 - 09:50 BST
This incident affected: Communication & Collaboration (Email & Calendar (Outlook)).