New scam email….your credit card has been invoiced….

…but of course it hasn’t…

We’re starting to see a number of emails being sent to staff with the core message that your credit card has been invoiced to the tune of usually around £1,600. The text in the body of the email so far is completely different between users, the sender email is different every time (one was even a spoofed Uni staff member), the subject line of the emails is different every time. Each of the emails we’ve seen has had malicious content in the attachment e.g. a trojan/virus.

So how do we detect these?
The one common theme to date is the format of the ‘Invoice’ at the bottom of the email. In all occurrences to date it has looked like this:

Note the format here – black header “Invoice 2019-“, grey bar at the bottom with ‘Invoice is attached’ or similar below.

What should I do if I get one of these?

  1. DON’T CLICK the attachment or any links from the email
  2. FORWARD the email to the Information Centre (

If you have any questions at all, please contact the Information Centre.
Thanks to those staff who have already forwarded examples on to us – by doing so, you’ve helped us take early action and get this message out to the staff community.