When an email from a genuine external contact is compromised

In some cases, a malicious request might be sent from a real email contact whose account has been compromised. Our natural instinct could be to reply to an email we receive from a known contact. However, if the email asks you for something out of context, or it feels a bit strange, make sure to pause, stop and think.

If you receive a malicious email from a genuine external contact and follow the request, you could be putting your information, your research or the University at risk of a security breach.

A member of the University of Oxford explains a near-miss:

‘I received an email from an external contractor whose email account, unbeknown to me, had been compromised. The email contained a download link that prompted me to enter my SSO credentials. I clicked on the link, but thankfully did not proceed to enter my credentials due to the unusual nature of the request. But I realise now, just how easy it can be to make a mistake.’

Prevent falling for a malicious email

Pause, stop and think before responding to any request that seems unusual.


Don’t just react. Instead, investigate a little further: try to verify the request through another, separate route, even by checking with the individual mentioned, before doing anything. If you do accidentally respond to an email request that you think or know to be fake, report the incident to OxCERT and speak to your local IT support team for practical help.


It is not your fault. When a real contact’s email is compromised, it may be almost impossible to detect the fake request.
