Yearbook phishing campaign

by Morgan Brazier

A moderately sophisticated phishing campaign has been observed targeting multiple universities including Bournemouth University, Brighton and Warwick.

The email and subsequent registration portal masquerades as a university yearbook to harvest personally identifiable information (PII) and card details, tricking users into submitting payment and sensitive information by creating convincing emails already containing their first name and university.

Similar campaigns have been seen this time last year from different domains.

If you have been affected by this phishing campaign it is recommended you report the incident to both Action Fraud and the BU IT help desk: