Phishing attempts and email scams - a reminder to please be vigilant

Dear colleague,

As we prepare for a busy period at the University with A-level results day and the Clearing and Adjustment process less than a month away, I’d like to take this opportunity to remind you of the need for all staff at the University to remain vigilant and mindful of the threats posed by phishing attempts and email scams.

Phishing attempts can be fraudulent emails and telephone calls from someone posing as a trustworthy source in order to obtain sensitive information such as usernames, passwords and financial information. These attacks are on the rise and increasingly sophisticated so it is vital that you remain vigilant around any emails you receive.

Universities can often face an increase in the number of phishing attempts they receive in the build up to busy periods such as A-level results day and the start of the new academic year, so we need all of our staff to remain vigilant and take the following action to prevent phishing attempts and email scams.

  • Do not open or respond to emails that you suspect as being a phishing attempt or scam.
  • Do not open attachments that have been sent to you by unknown sources or click on unknown links.
  • Be mindful of the sender’s email address and any web links that you are sent - even a single character out of place may mean it’s fake.

Remember that the University will never call or email you asking for passwords, bank details or other sensitive information

As well as this action, all staff at the University must complete our mandatory training courses on protecting information and protecting personal data. If you need any assistance in accessing these courses, please contact your departmental administrator or the CiCS Helpdesk.

Further advice on how to spot a phishing attempt

If you receive an email that you suspect is a phishing attempt, forward it to: phishing@sheffield.ac.uk

If you suspect that you may have fallen victim to a phishing attempt, entered any personal information, or opened and downloaded any attachments from a suspicious email, please contact the CiCS Helpdesk immediately on 0114 222 1111.

Following a recent and very severe phishing attack at Lancaster University, we have proactively taken additional steps to reinforce the security of our IT systems and will be implementing additional technical controls in response to the heightened security risk. This may have some impact on how you access your IT systems, most notably for staff requiring VPN access for off-campus access to applicant systems, but it is a necessary step to ensure our staff and students are protected. Some of you will receive requests from CiCS to change your passwords over the next few days and it would help minimise risk to the University and our students if you could comply with this request as quickly as possible.

We have stringent security in place and we proactively monitor and take action to block phishing emails but it is important that we all remain vigilant.

Thank you for your help,

Bella Abrams
Director of Information Technology