Cyber-criminals will target anyone and the ways they do this are becoming more sophisticated. We are aware of a specific type of phishing email where fraudsters are impersonating senior University colleagues, demanding the transfer of money or to purchase vouchers on their behalf. The current phishing attack has involved requests for Apple or Amazon vouchers with a sense of urgency applied to pressure the victim to respond.

How do I know if the email is from a fraudster?

• If you receive any unexpected or unusual emails, always check the email address in the 'From' field. Look out for emails flagged as ‘External’.
• In the most recent cases the fraudsters have been using Gmail accounts (gmail.com).
• Fraudsters could spoof legitimate Warwick email addresses. To spot this, when you reply to an email, the 'To' address may change. If in any doubt, delete the address listed and select the user from the Global Address list.
• Fraudsters will try to create a sense of urgency. They want you to take action quickly before checking the details. Stop and think about what you're being asked to do, if in doubt, contact your Line Manager by phone or on Teams to check.
• If the email isn't addressed to you personally, it’s best to query it through another channel. This could be part of a wider phishing campaign.

What to do if you have received this email and bought vouchers?

• If you've been targeted in a cyber-crime attack, contact the IT Helpdesk at helpdesk@warwick.ac.uk
• Report any suspicious activity to ActionFraudLink opens in a new window.
• Contact your Bank or finance provider. Most UK banks have their own cyber security teams. If you believe your card details have been obtained or used fraudulently, contact your provider. If you have used a university card, contact the Finance department.

What is Phishing?

Phishing is any deception designed to trick you into communicating sensitive information, or making a purchase. Look out for these characteristics:

• Messages come in different forms; email, SMS, direct messaging on social media, phone or post.
• Emails are designed to look authentic and legitimate, copying ‘official’ business or university identities.
• There will be a sense of urgency and pressure to act and respond quickly.

Sources of help

• If you receive a phishing email or think you may have been targeted in a cyber-crime attack, contact the IT Helpdesk using helpdesk@warwick.ac.uk. You can report any suspicious cyber activity to ActionFraudLink opens in a new window.
• Most UK banks have their own cyber security teams. If you believe your card details have been obtained or used fraudulently, please contact your provider immediately. ·
• The UK National Cyber Security CentreLink opens in a new window has lots of information and advice on protecting yourself from cybercrime - for personal and business users.
• Take FiveLink opens in a new window is also a national campaign offering straight-forward advice that helps prevent email, phone-based and online fraud.

You can report any personal security concerns or incidents to our Helpdesk - as reporting on phishing attacks and suspected scams helps our Cyber Security team to monitor and track fraudulent and criminal activity, keeping us all safer, more aware and better-informed.