We have received information regarding a student loans phishing campaign. The phishing email appears to be sent from The Student Loan Company (SLC.co.uk) and is directing users to a fake login page. The Sender is being faked as "[email protected]", subject "Application for student finance submitted - Academic Year 2017/18", sending host "swift308.swiftinter.net".
If you receive an email which appears to be similar please either delete the email or if you are concerned contact the BU IT Service Desk who can advise if the email URL is legitimate or not.
Nationwide University Phishing Attack
We have received a feed from the governments Cyber Security Information Sharing Partnership (CiSP) that a number of universities have been sent phishing emails. Initially advertising work for students from various personal emails, and once the student makes contact the attacker gathers credentials via social engineering attacks. They then use the students’ university email addresses to spear phish staff to further infiltrate university internal systems, such as payroll system. We have alerted our frontline engineers as well as our IT Microsoft Team to double check some of these indicators of compromise (IOC).
If you receive an email which appears to match this information we suggest you delete it.
“Locky” ransomware
A new ransomware campaign is being seen across the sector. The most common way that the Locky ransomware is delivered is via an email containing an attached document. See the below link for more information:
https://nakedsecurity.sophos.com/2016/02/17/locky-ransomware-what-you-need-to-know/
Our email service has already blocked over 200 messages which could have been delivered. We are continuing to monitor this and will provide further updates if necessary.