Several fraudulent emails are being sent from accounts posing as SLU employees. Attackers are using email addresses from external providers and manipulating the sender’s name so it is the same as an SLU employee. This type of attack is known as ‘display name spoofing’.
The Security Unit and the Division of IT urge everyone to be vigilant and take steps to ensure that emails from SLU colleagues have always been sent from verified university addresses ending in @slu.se. Emails sent from external email providers such as Gmail are always flagged with an automatic warning message.
If you receive an email from an external email provider where the sender claims to be an SLU employee, this is likely a fraud. If you are unsure of the sender’s identity, call your SLU colleague or email their official university email address. Remember, do not use personal email accounts for work-related correspondence.
Please note that the attackers are using the most sophisticated methods to mislead the recipient to click on a malicious link or to open an infected email attachment. For instance, the attacker can hijack an existing email thread, steal a name of a certain sender or recipient in the thread, and continue the thread with the stolen name by sending an email attachment or by referring to a link. In addition, there are also examples of fraudulent emails where the attacker has stolen email signatures from SLU employees. Please be attentive to all emails – even those sent from existing email threads.
The Security Unit and the Division of IT recommend that you delete these fraudulent emails and do not reply to them or click on any links or attachments.