Email: Scam messages in Cardiff University mailboxes

Mailboxes may still receive an email notification that a file has been shared where the contents of the shared file attempt to trick you into entering your credentials into a fake login site.

Please continue to follow our guidance on staying safe (search on the intranet for scam messages), including checking whether you were expecting an email or shared file before interacting with it.

It can also be worthwhile checking the URL shown in your web browser address bar for any login screens.
Where Microsoft handle the login, the genuine URL should begin with https://login.microsoftonline.com/

The specific content of scam messages continues to evolve, but we are still seeing significant numbers of the same general formats:
• A file has been shared with you on SharePoint
• Someone is giving away a number of rare or high value items

Please remember that some of the most important considerations when deciding whether to trust an email are:
- were you were expecting to it receive it
- can you verify that the sender is who they claim to be, and that you trust them
- be very cautious about clicking links in emails, and even more cautious about clicking links or buttons inside documents
- if you are prompted to enter your credentials, check that the site asking for them is the genuine Microsoft login site

We are currently investigating a high volume of scam emails delivered to Cardiff University accounts.

These messages use several tactics, including:
•Prompts to call a phone number to claim an expensive tech prize.
•Links to files with misleading names such as “Cardiff University” or “Cardiff University March 2026 Payroll Update”.
•Sender addresses that may appear to come from within the University.

Our security teams are isolating and removing these messages and blocking any associated malicious links or files.

You do not need to report receiving these emails, but you may use the Report Message button in Outlook if you wish.
If you have clicked a link in one of these emails and have entered your username or password, please change your password immediately and contact the IT Service Desk.

Please continue to follow our guidance on staying safe (search on the intranet for scam messages), including checking whether you were expecting an email or shared file before interacting with it.