IMT have recently been made aware of a spoof email that’s been sent to several LSE email accounts.
The email invites recipients to download an invoice from a malicious link. Some of these emails claim to be from senior members of LSE or other Universities, and others from the UK government.
Because the emails are from different sender addresses, blocking a sender’s email address will not stop the spoofing emails from getting through.
The email looks like this one below, or a slight variation of it:
Subject: Invoice 0000516 from Central Secretariat (Secretariat@xxxxx)
You have received an invoice from CENTRAL SECRETARIAT (SECRETARIAT@XXXXX) for Â£2,827.14. To view, print or download a JS copy of your invoice, click the link below:
Best regards, Central Secretariat
All instances of the email are spoofing attempts. Do not respond to the email and delete it immediately.
Clicking on links within the email could potentially infect your computer with viruses or malware.
If you have clicked on a link or replied to the email, contact the Service Desk (staff) on firstname.lastname@example.org or the Help Desk (students) on email@example.com as soon as possible.
Your account will then be disabled while we check for any viruses or malware on your device and H: space.
Protecting yourself from spoof emails
Spoof emails are malicious emails that look like they’re from someone you know, or an organisation you trust. Unlike phishing (the purpose of which is to gain personal details such as account information or passwords), spoofing is an attempt to trick you into opening a malicious file (which is often ransomware) or otherwise divert payments to a different bank account.
By misleading the recipient into believing they know the sender, people are more likely to respond, putting their computer at risk of infection.
To protect yourself from spoofing attempts, make sure you:
- Use spam filters. LSE accounts have these already set up, but make sure your personal accounts do too.
- Double check the email address. When you see the sender’s display name or sender email address in your inbox, it doesn’t necessarily mean that’s the person or address it came from.If the display email address is inconsistent with the display name (for example, an LSE display name but with a random email address such as <firstname.lastname@example.org>, then it is an obvious spoof attempt.The email might spoof the display sender email address too, to make it more convincing. If this is the case then Microsoft (if you’re an Office 365 user) often provides a warning message:“This sender failed our fraud detection checks and may not be who they appear to be. Learn about spoofing.”If it’s confirmed as a spoofing attempt, the email should be deleted immediately.
- Avoid clinking links that seem suspicious. Spoofers try to make the email look like it’s from someone you know, but think carefully if it’s something you are expecting from the sender. In the case above, are you expecting an invoice? Is this the usual way you’re notified, and does the tone and content of the email seem consistent with past communications?
Finally, to help protect against viruses and malware, make sure you have anti-virus software installed on your devices. Sophos anti-virus software is free to all staff and students. You can download your copy here.