WebLearn Phishing Attack (of sorts)

Fish: https://www.flickr.com/photos/laurelrusswurm/12395604404/Quite a few people have received a strange message (given below) about the need to reactivate an expiring WebLearn account.

I would like to assure you that this is NOT a legitimate message: users should NOT click or follow the link.

I have reported this to OxCERT but I would appreciate it if you could spread the word amongst staff and students that they should ignore this and any other similar messages.

By looking at the logs, we can see that quite a few people have already clicked on the link.

That message again:

From: IT Services [mailto:nsms@it.ox.ac.uk]
Sent: 26 October 2015 12:58
Subject: Access Services Manager

Dear User,

Your access to The WebLearn is expiring soon due to inactivity. To continue to have access to this service, you must reactivate your account. For this purpose, click the web address below or copy and paste it into your web browser. A successful login will activate your account and you will be redirected to your WebLearn page.


If you are not able to login, please contact the service desk for immediate assistance.


Access Services Manager
Computing Services and Systems Development
University of Oxford
13 Banbury Road, Oxford, OX2 6NN
tel: (+44) 1865 612345


[Image removed by sender. Powered by Hairyspire]

Posted in WebLearn | Tagged | 1 Comment

One Response to “WebLearn Phishing Attack (of sorts)”

  1. […] Note: this is this is NOT a legitimate message: users should NOT click or follow the link.  More details: http://blogs.it.ox.ac.uk/adamweblearn/2015/10/weblearn-phising-attack-of-sorts/ […]