Several fraudulent emails are being sent from accounts posing as SLU employees. Attackers are using email addresses from external providers and manipulating the sender’s name so it is the same as an SLU employee. This type of attack is known as ‘display name spoofing’.
The Security Unit urges everyone to be vigilant and take steps to ensure that emails from SLU colleagues have always been sent from verified university addresses ending in @slu.se. Emails sent from external email providers such as Gmail are always flagged with an automatic warning message (see the information about the yellow phishing banner).
If you receive an email from an external email provider where the sender claims to be an SLU employee, this is likely a fraud. If you are unsure of the sender’s identity, call your SLU colleague or email their official university email address. Remember, do not use personal email accounts for work-related correspondence.
The Security Unit recommends that you delete these fraudulent emails and do not reply to them or click on any links.