Security advisory: scam emails using your email address as the sender, Friday, 16 July

Fri, 16 July 21

What is happening:

Please be aware that a sextortion email scam is targeting UCD staff and students. To convince the recipients that these emails are genuine, the attackers are using some of the following techniques.

  • Some emails are using the recipient’s email address as the sender; however, the emails are not being sent from your account.
  • Some emails contain familiar passwords to the recipients, likely stolen from external data breaches such as LinkedIn, Adobe, etc.

The emails claim to have compromising images of the recipient and asks for payment to stop the images being released publicly.

If you receive such an email, please mark it as spam and do not reply to it. If the password in the email is a current password for UCD or any personal website or application, you must change the password for those accounts immediately. Please ensure your UCD password is unique and not a password or a similar password to one you have used previously or on any personal website or App.

If you believe your UCD Connect account has been compromised, you must contact with details of the incident and please include screenshots, such as recent login activity, malicious forwarding, unauthorised sent emails, unauthorised accounts, filters, etc.

Top email security tip – Only use Gmail web or official mobile apps to access your University Emails. Never use a third-party client such as Outlook, Thunderbird or the default email apps on iPhone or Android devices. Gmail Web has a number of advanced phishing and malware protection features that are bypassed if you access your university email on third party email clients such as Outlook.

Please visit IT Security Tops Tips page for more security tips, including how to check recent logins to Google Workspace account.