Accessibility navigation

Reminder: spam emails using spoofed addresses

Spam email: message from IT

It has come to our attention that colleagues may have received a spam email pretending to be from the University’s IT department. 

The email shows two addresses – it pretends to be from the ‘IT Self Service Portal it@reading.ac.uk’ but the real sender address is 'carsal@edu.xunta.es'. The message says: 

“This is to inform you that we are currently updating our Web-mail interface to a new one for all employees and students. This is to improve security and reduce spam attacks on our staff and student account.

“Download and open through your web browser the University of Reading web page attached to this email and follow the Instructions on the page as instructed to migrate to the new Web mail interface.

“This procedure is in accordance with the security update Of the University of Reading policy, non-compliance with this Instruction will result in difficulties, to be taken into account.”

The email includes a HTML attachment for ‘Outlook Web App’.

This is not a legitimate request – please ensure you and your colleagues do not click on the attachment or follow any of the instructions given in the email. 

IT would like to remind users to be careful when they receive emails that look suspicious.

Our systems block approximately 3 million spam emails every week – even with these measures in place, a small number of spam emails still manage to get through.   

Spam emails can be hard to spot, especially if they use ‘spoofed’ email addresses or pretend to be sent from an existing University system.

These emails can also be malicious, and opening links or attachments from them could put your work and personal information at risk. 

We ask you to be vigilant and consider the following actions when opening email at work:

  • Never click on links or open attachments in unsolicited emails. 
  • Email addresses can be ‘spoofed’ to look like an address you trust. Check the email address carefully, and if unsure, check with the sender.
  • If the email pretends to be sent from a specific system, check the email carefully – emails sent from the University will include clear sender details and branding (including University email signatures). 

A screenshot of the email detailed above is available for reference. 

IT also recommend the following security guidelines:  

  • Use strong passwords, including a mixture of upper and lower case letters, numbers and special characters.
  • Never share your password or write it down.
  • Don’t allow family members or non-authorised people to use your work computer.

If you receive an email you believe to be suspicious or would like further information or advice, please visit the IT webpage: www.reading.ac.uk/it

Page navigation

Search Form

Main navigation