What happened?
In early January the University was targeted by a series of phishing emails sent to staff and students, falsely claiming that tuition fees were overdue or that email accounts were due to be closed. These messages did not come from the University. Unfortunately, some individuals provided their university log in via an external website after clicking on a link in these emails. Those compromised accounts were then used to send a large volume of further phishing emails to some university accounts.
As per our standard process, these emails were automatically forwarded to the personal email address in the Student Record system. Students’ personal email addresses were not obtained by the attackers.
What did we do?
The incident was identified and contained quickly. We secured the compromised accounts, removed malicious emails, and put monitoring in place to keep systems safe. A full investigation was conducted, including engagement with relevant external authorities, and we contacted affected students with advice and next steps.
We take the security of our community extremely seriously and continue to review both our technical controls and our wider organisational response.
What action should I take?
- If you received one of these phishing emails please ignore it and delete it immediately. Do not click on any links, respond to any given email addresses or make any payments. If you did not click on any links or enter any details, your data will remain safe.
- If you have responded in any way to these emails, please contact the IT Helpdesk as soon as possible letting them know how you responded, what information has been shared and to whom. Contact the team:
- 24/7 phone line: +44 (0)1707 284678, or ext. 4678
- Email at helpdesk@herts.ac.uk
- If you have made a payment to the account, please contact your bank straight away to make them aware and change passwords on your accounts. The sooner you report it the quicker any damage can be limited. Please also let the University’s Student Finance team know at financial-support@herts.ac.uk and advise on amount paid so they can check your student record, support you through next steps, and monitor for any related issues.
- If you have clicked a link and used your university details to log into an external site , you must change your password on your university account at https://pss.herts.ac.uk
- Be vigilant to any further emails. See advice on how to spot a scam email, text, message or call.
ℹ️For further information and FAQs related to this incident please see Phishing Attack FAQs.
Student support
If you have been affected by this scam, it can be distressing alongside the stress of sorting out any impact on your finance.
Being the victim of a cyber-attack can be distressing and may leave you feeling upset, angry, or anxious — and that’s completely understandable. Please remember that you don’t have to deal with this alone. You can contact our Student Wellbeing team or the student wellbeing 24-hour helpline for free, confidential help and advice.
For more information see: Cybercrime reporting and support