OxCERT have been alerted about the following phishing email targeting the University WebAuth:
From: University of Oxford [mailto:email@example.com] Sent: 26 October 2016 12:21 Subject: IT Service Help Notice Dear All, This e-mail is to notify you that we are having a server overload therefore we will be upgrading our server. We need you to go to the following link to keep your account active after the upgrade. https://webauth.ox.ac.uk/server?overload=8765
Here is an example of a recent Phishing email that the OxCERT team have dealt with. The first example we saw was around the 12th October and we have had a few hundred reported since. This was a good attempt. It was well written and had a strong 'call to action' implying people needed to do something to resolve a problem. It was also a complete fraud.