If it seems too good to be true…it probably is 

Lyle Docherty
Wednesday 1 April 2026

There has been a recent increase in scams targeting organisations with messages that promise something exciting, valuable, or urgent. These messages often look genuine and may even come from real University or Microsoft accounts that attackers have compromised.

Use this guidance to understand how these scams work, how to spot them, and what you can do to protect yourself.

The anatomy of a “too good to be true” scam 

Attackers design their messages to trigger emotional responses such as excitement, sympathy, or fear of missing out. To appear legitimate, they may:

  • Use a compromised real account
  • Copy familiar logos or branding
  • Send messages to large numbers of people at once
  • Encourage you to act quickly

None of these are legitimate.  A genuine offer will never require you to make an upfront payment, share personal details, or act immediately.

These scams exist for one reason: to get you to send money or disclose financial information. 

Common types of scam messages

1. Free hardware or gifts

You may receive a message offering a free laptop, phone, or other valuable item, but asking you to pay a small “delivery” or “handling” fee.

Real organisations do not run giveaways like this, and they will not request payment by email or private message.

2. Donations or gifts after a bereavement

These messages try to create sympathy. They may claim:

  • Someone has recently passed away.
  • Their partner or family member wants to donate items or money to you.
  • You only need to pay shipping or customs fees.

This is a common scam. Strangers will not contact you with large donations.

Red flags to look out for

Be cautious if you spot any of the following:

  • Unexpected offers of gifts, rewards, or inheritances
  • Any request for money, including fees or charges
  • Urgent deadlines that pressure you to act quickly
  • Requests for bank or card details
  • Messages that do not match how the University typically communicates

If you did not initiate the conversation or request the item, treat the message with suspicion.

How to protect yourself

1. Take your time

Scammers rely on quick reactions. Pause and consider whether the message makes sense.

2. Verify through official channels

If a message appears to come from someone within the University but feels unusual, do not reply to it or contact the sender using the same channel.
Instead, reach out to IT Services for confirmation.

3. Never send money in response to unsolicited offers

Legitimate programmes or giveaways will not ask you to pay to receive something.

4. Report anything suspicious

If something feels off, report it. Even a small doubt is enough reason to check.

Final thoughts

Scammers are continually improving their techniques, especially those involving emotional stories or offering something valuable. Once you know what to look for, these scams are much easier to identify.

A simple rule still applies:

If it seems too good to be true, it almost certainly is.

Thank you for staying vigilant and helping keep our University community secure.

Subscribe to the IT Services blog

Enter your email address to subscribe to this blog to receive notifications of new posts.

Cookie preferences