iPhone, iPad and iOS Mail vulnerability
We have been made aware of a potential bug in any mail app software running on all iPhones, iPad’s and any devices running iOS software.
When using the mail application on any of these devices, a pop up screen appears asking you to re-login to your iCloud (or potentially another account).
This is a phishing scam attempting to obtain your password details, similar to the numerous emails you will receive in your inbox. Please do not provide these details, specifically when you are using the iOS mail app, click cancel and delete the email from your inbox.
If you are required to login again to iCloud or any other account on your device, wait until you are prompted when not using the mail app.
What should you do if you have entered your details in the pop up?
If you have entered your details in a popup window whilst using the mail app we ask that you reset the password of the email account you were using at the time. If this was your University email account, please reset your password via selfcare: https://selfcare.sunderland.ac.uk/ If you require IT Support to help you reset your password, please contact us on 0191 5153333.
Steps you can take to recover your mail account on your device.
Open your mail account online (mail.staff.sunderland.ac.uk for your University email account), delete the message that was open when the pop up appeared. Delete the mail account from your device and re-add it. If you require assistance with this please contact us on 0191 5153333.
The University continues to be targeted by unsolicited spam and phishing emails. IT Services are continuing to manage these outbreaks but this is being hampered by staff opening attachments in malicious emails. This means that outbreaks spread more quickly and widely amongst University staff as your address list can be compromised, and can potentially proliferate viruses.
If you open email attachments or click on links within suspicious emails, the consequences will be that IT Services we will suspend your University account and quarantine your PC until we are confident that all threats have been removed. It is important to understand that activating these phishing emails can also result in your personal data being at risk, so it is vitally important that you remain vigilant when using email.
Staff must NOT
- open attachments that they are not expecting or look suspicious even if they come from a member of University staff.
- click on links within unsolicited emails
Advice to spot suspicious emails remains as per our previous emails:
- Name and e-mail address don’t match
- Unsolicited requests for personal information are made by clicking on a link to a website are a clear danger signal
- It attempts to prove legitimacy using words such as ‘Official’
- Uses a real organisation or company name but shows an e-mail address that does not match
- It is written using poor grammar and contains misspellings
- You are not expecting an email attachment from the sender
- There is very little information regarding the attachment or it asks you to open the attachment
- You don’t know the sender of the email
If you believe you have received a spam / phishing email , forward the email to email@example.com and update your IT support teams to ensure they are informed of the issue. If you have opened unknown attachments, or clicked on suspicious links within an email, contact your local IT provision urgently, as there is a need to have your computer checked for an infection.