- Approximately 800 phishing emails were sent to University of Aberdeen postgraduate students overnight, with the premise of offering a personal assistant job.
- The emails were impersonating a genuine external Professor, which was an attempt to lend credibility in case any recipients ran a search on the name.
- The emails stated the applicant would be tasked with making purchases and payments on the Professor’s behalf, and that “some of their personal letters and mails will be forwarded to your residence or nearby post office for you to pick up at your convenience”.
- The email requested the recipients reply and provide a large amount of personal information if interested.
What was the attacker’s goal?
This appears to be a two phased attack:
Phase 1:
The first phase is to collect as much personal information as possible. Personal information is valuable to scammers for several reasons: - It can be used to craft highly convincing scams against individuals at a later date.
- It can be used to attempt to take loans/credit out in your name.
- It can be directly sold on the dark web for profit.
Phase 2:
The statement that the applicant would be responsible for making payments/accepting packages suggests that this was an attempt to recruit money mules. Money mules are individuals who are recruited to launder money for criminal organisations, usually by receiving and transferring funds and making it difficult for law enforcement to track the proceeds of crime. Many money mules will not realise they are doing anything illegal, however they may still be prosecuted if caught.
Students are a highly targeted group for this type of activity.
What should you do if you have provided personal information?
The senders of these emails and related addresses have been blocked by the IT department, however if you have replied it is highly likely the scammer will reach out from a different address. - Cease all contact immediately.
- Be highly vigilant for further phishing emails or calls.
- Consider researching and signing up for a reputable credit checking agency to ensure credit has not been taken out in your name.
- Report any contact from new email addresses immediately.
Further Information & Advice
How to spot and report a phishing email:
https://www.abdn.ac.uk/staffnet/working-here/it-services/security.php#panel7228
Student Safety Guide for more information on Money Mules and other types of Scams:
https://www.abdn.ac.uk/students/documents/Student-Online-Safety-Guide-2023.pdf
Find more information on Money Mules on the National Crime Agency’s website:
https://www.nationalcrimeagency.gov.uk/moneymuling | 
