University staff fooled by phishing scams
Phishing emails claiming to be from Heads of Departments have tricked staff members into making expensive purchases
Staff and PhD students have been reimbursed by their faculties after falling for scam emails with urgent requests to purchase vouchers worth up to £500.
The phishing emails appear to be from Heads of Department and are directly addressed to the recipient.
The emails claim that the Heads of Departments are heading into meetings with “limited communication access” to prevent recipients from asking for further clarification.
The vouchers are requested under the pretext of rewarding members of staff, including the recipient. Itunes, Amazon and Apple gift vouchers are among those that the scammers are requesting.
Tamsin O’Connell, Head of the Department of Archaeology, told Varsity that her department has had to recompense members of staff that have been taken in by the scam.
Speaking about the magnitude of the issue, she told Varsity: “Part of the reason why this is successful is because people are ashamed”.
“They don’t say anything about it and so then they don’t raise the profile,” O’Connell said.
Scammers are likely retrieving the information of the people they are targeting from the department websites.
The McDonald Institute for Archaeological Research, for example, has many affiliated persons at other institutions and universities who have also been targeted by the website.
Some departments have responded to the phishing scams by updating their website to replace the ‘@’ in emails with square brackets.
As a result, their emails cannot automatically be used and must instead be manually typed. This, however, has not prevented the scams since it is likely that they are from individuals with a targeted approach who can replicate writing styles, Varsity understands.
The phishing scam has most recently been brought to the attention of staff in the Cambridge Apple store. Workers refused to sell £500 worth of vouchers to one staff member until they rang their Head of Department directly and realised the fraudulent nature of the original email.
The University has cyber awareness training for staff members, but this is not compulsory. In response to recent scams, Heads of Departments are continuing to strongly encourage staff to complete the training. Alongside staff, PhD students and early career researchers have been targeted by phishing scams.
O’Connell noted that this scam “particularly exploits [the] power imbalance” between researchers and their higher-ups, as “someone might not feel able to question” their Head of Department.
She stressed that PhD students were particularly vulnerable in being less willing to question a request from their seniors. As PhDs change more regularly than academic members of staff, departments have said that they will continue to raise awareness.
The phishing scams will be mentioned in inductions and PhD termly meetings to minimise money lost, with tips for avoiding the cons being shared.
- Arts / What on earth is Cambridge culture?20 December 2024
- News / Cambridge ranked the worst UK university at providing support for disabled students21 December 2024
- Comment / In pursuit of the Protestant work ethic at Cambridge20 December 2024
- News / Cambridge law journal apologises following paper on Gaza annexation19 December 2024
- News / Tuition fees set to exceed £10,000 by 202920 December 2024