Those who had transferred money were advised to contact their bank immediately. AMIKA PIPLAPURE FOR VARSITY

Since last week, students and staff at the University of Cambridge have reported receiving phishing emails that appear to come from email addresses of University members, claiming that “Mrs. Talida State is currently downsizing and has kindly offered her late husband’s beloved possessions […] to members of our community”.

Although the listed items were promised “free of charge,” the email added that, “to allow for the fastest possible processing by the movers, payment of the shipping fee must be made via a gift card”. It said this would be “the quickest and most secure method accepted in this situation”.

The email urged recipients to “act quickly” given the “great demand” for “these high-value items”.

The items listed in the email, titled “Academic Affairs Shared a relevant Note,” included valuable electronic devices such as a PlayStation 5, a MacBook Pro, an iPad Pro, and an Apple Vision Pro. Several musical instruments were also advertised, including a 2014 Steinway & Sons piano, a “beautiful violin,” and an “Eric Clapton signature 1939 Martin 000-42 guitar”.

Recipients were instructed to “contact Mrs. Talida State directly” via a US phone number, which appears to trace back to a user based in Arizona.

Around the same time, another scam email was reportedly circulated among students and staff, containing links designed to steal login credentials and enable University accounts to be compromised and used to send further phishing emails.

Following reports by students and staff, the emails were recalled by the University Service Desk, and are no longer available in recipients’ inboxes.

A spokesperson for the University of Cambridge told Varsity: “University Information Services (UIS) has supported students and staff who reported a recent phishing email. Cybercrime remains an ongoing risk, with scams commonly using techniques such as phishing and compromised accounts. UIS is working with local IT teams to help protect the University community, and we encourage everyone to stay alert and follow good cyber security practices. Students and staff are strongly encouraged to complete the University’s annual cyber security training.”

Many students received follow-up emails from their respective colleges, warning them about the phishing scam.

An email sent to all King’s students said the giveaway scam message had “been going around all University departments and colleges,” and appeared to come from people within the University’s email system.

In an email from Caius’ JCR President, those who had transferred money were advised to contact their bank immediately, request a reversal of the payment, and report the transaction as fraudulent. Students were also encouraged to contact Report Fraud at 0300 123 2040.

The email added: “unless it comes from an official University/College Department account, if it sounds too good to be true, it probably is”.

On Wednesday (22/04), other students – including those at Sidney Sussex and those studying HSPS or sociology at postgraduate level – were sent a notice on behalf of UIS, urging staff and students to beware of phishing emails and noting that recent scams “have targeted recognised systems or services (for example, SharePoint) and have impersonated Cambridge staff and students”.

In addition to the giveaway scam, students were warned about phishing emails appearing to link to SharePoint, a platform widely used at Cambridge for file sharing. Emails with subject lines claiming “Jane Doe” wants to share a file were said to contain links leading to legitimate SharePoint files. However, UIS said these files may include a second link that redirects users to a fake sign-in page designed to steal login credentials.

UIS warned: “If you input your information, your data would be at risk, and your account could be used to send further phishing emails or compromise University resources.”

Multiple emails were also circulated to Varsity email addresses on Wednesday from “Rosina Huxley,” requesting contact from “someone who truly appreciates music” who might be interested in taking her friend’s “late husband’s Yamaha piano”.

On its website, UIS advises students to be alert to “common signs of social engineering” in phishing attempts, including a sense of urgency – “where the sender is pressuring you to respond quickly” – or messages suggesting that “you may miss out on an opportunity”.

UIS also notes that, while poor grammar used to be a clear indicator of fraudulent emails, “AI has enabled bad actors to write increasingly sophisticated and grammatically correct emails”.

The guidance also warns: “Email accounts can be compromised and abused to circulate phishing emails to other people. Bad actors want recipients to trust communication from a Cambridge sender, but it’s important to employ a healthy amount of scepticism when you receive an email.”

It continues: “Unexpected emails might not be safe. This includes emails […] claiming to offer something rewarding (like gifts, money, or a promotion).”



Students are recommended to verify “unexpected” emails with the sender through a different communication channel, and to report them to spam@uis.cam.ac.uk and their local IT team.

One student who received the phishing email described it as “really awful, as they’re preying on students who are notoriously without any money”. They added that “you gain a level of trust about an email” when it is sent to your university email address.

Similar scam emails have been reported at other UK universities. Last month, students at the University of Southampton were targeted by a similar phishing campaign, also sent using compromised university accounts. Around the same time, it was reported that an email allegedly on behalf of “Mrs. Talida State” was “widely” circulated at the University of Strathclyde.

The issue has also been observed at US universities as early as 2023, including Brown University, Stanford University, and the University of Chicago. However, earlier versions of the scam typically contained more grammatical errors, making them easier to identify as fraudulent.