
Information Security awareness blog

Welcome to the Information Security awareness blog, your go-to resource for the latest in cybersecurity awareness. This blog offers practical tips, expert advice, and up-to-date information to help you stay secure in the digital world. Whether you're a member of staff or a student, you'll find valuable content to enhance your cybersecurity knowledge and practices.

Get in touch

If you'd like to submit an article for the blog or suggest discussion topics, please contact us: .


Cybersecurity Alert: Watch Out for Email Impersonation and QR Code Scams

📧 Business Email Compromise (BEC) – Invoice Scam

These scams often aim to trick recipients into changing payment details or making unauthorised transactions. To stay safe, always verify email addresses carefully, be wary of urgent or unusual requests, and follow established procedures. Additionally, QR code scams are becoming more common, with malicious codes leading to phishing sites or malware. Always scan QR codes from trusted sources and double-check URLs before proceeding.

In a recent incident, criminals were able to join an ongoing email conversation by using an email address only subtly different from a known and trusted email account.

How this scam works:

A hacker gains access to or monitors a legitimate email thread.

They insert themselves into the conversation, usually replying as if they are the vendor or supplier.

However, the emails come from a slightly altered email address, for example john.smith@fakebusines.co.uk instead of john.smith@fakebusiness.co.uk, to trick recipients into responding. Often the change is so subtle that it is not noticed.

Once involved in the conversation, the rogue actor can try to persuade the recipient at the University to do something that they might not normally do. For example, change bank details, cancel invoices, make an urgent payment, have goods sent somewhere unusual, or any other fraudulent aim.

What to watch for:

✅ Always double-check the full email address, not just the display name, to ensure that both the address and the name are correct.

✅ Be cautious if pressured into doing something that does not follow usual processes.

✅ Look out for unusual language or pressure to act quickly.

✅ If in doubt, pause and verify before responding.
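The address check above can also be automated in a mail triage script. The following is an added example, not part of the original post: it ignores the display name, compares the sender's domain with an allow-list of known supplier domains, and flags near-misses such as a dropped or swapped letter. The allow-list, function names and sample headers are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list: the genuine supplier domain from the example above.
TRUSTED_DOMAINS = {"fakebusiness.co.uk"}


def edit_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent characters swapped
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS, max_distance=2) -> str:
    """Classify a From header by its address domain, ignoring the display name."""
    _name, address = parseaddr(from_header)
    local, sep, domain = address.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not (local and sep and domain):
        return "invalid"
    if domain in trusted:
        return "trusted"
    if not domain.isascii() or "xn--" in domain:
        return "review: non-ASCII domain"  # possible look-alike characters
    for good in sorted(trusted):
        if edit_distance(domain, good) <= max_distance:
            return f"lookalike of {good}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers, not taken from a real incident.
    for header in (
        "John Smith <john.smith@fakebusiness.co.uk>",
        "John Smith <john.smith@fakebusines.co.uk>",
        "John Smith <john.smith@fakebuisness.co.uk>",
        "John Smith <john.smith@example.org>",
    ):
        print(f"{classify_sender(header):35} {header}")
```

A "lookalike" result is a prompt to verify through a known contact channel, not proof of fraud; an "unknown" domain is simply not on the allow-list.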

📱 QR Code Scam

We would also like to remind University members of the increasing risk associated with QR codes. While QR codes offer convenience and efficiency, they also pose significant security threats that can compromise personal and organisational data.

Key Risks of QR Codes:

Malicious URLs: Cybercriminals can embed QR codes with malicious URLs that, when scanned, can download malware onto your device or redirect you to phishing websites designed to steal personal information.

Overlay Attacks: Attackers may place malicious QR codes over legitimate ones, leading unsuspecting users to fraudulent websites or applications.

Third-Party QR Code Scanners: Using third-party QR code scanning applications that aren't built into your phone can make your device less secure. These apps might ask for permissions that could be used to access your private information.

How to stay safe:

✅ Avoid scanning QR codes from unofficial or suspicious-looking signs. Always ensure the QR code is from a trusted and legitimate source before scanning.

✅ Double-check the URL that pops up after scanning: is it the URL you intended, and does it look legitimate?

✅ For campus services like parking, access links through the official university website or app.

✅ Use Trusted Apps: Use the built-in QR code scanner on your smartphone rather than third-party apps.

✅ Be Cautious with Emails: Avoid scanning QR codes from unsolicited emails or messages.

✅ Report any damaged or suspicious QR signage immediately to the IT Help desk.

Let's stay vigilant together.

Wed 09 Apr 2025, 13:24 | Tags: News and updates Tips and How-Tos
