Increase in Phishing Attacks

We have had a lot of phishing attacks recently, many coming from University staff and student accounts that have given their username and password in response to an earlier attack. A lot of people are responding to these.  The wording varies, but all follow a very traditional pattern for phishing messages.  They include emails telling … Continue reading “Increase in Phishing Attacks”

Published: Posted on

Password Spray Attacks

The NCSC recently issued an advisory on password spray attacks.   The attacks are aimed at   health care organisations involved in the coronavirus response, including research.  The University is a potential target. In password spray attacks, attackers use a few easy to guess passwords and try them against multiple accounts.  Attacking in this way does not … Continue reading “Password Spray Attacks”

Published: Posted on

Covid variation of Gift Card Scam

Earlier this year we published an article on the Gift Card Scam. We have had a few reports of variations in this scam, tailored for the current Covid-19 crisis.  One example email started with the following. “Good morning Peter, I’m planning to surprise some of the staffs with gifts during this unprecedented health crises, your … Continue reading “Covid variation of Gift Card Scam”

Published: Posted on

Gift Card Scam

Quite a few people have reported a scam that is becoming common on campus and some have reported losing hundreds of pounds of their own money to scammers. Scammers are sending email from various external email accounts claiming to be from senior members of departments.  These are often highly targeted so that the person they … Continue reading “Gift Card Scam”

Published: Posted on

New Password Expiry Notice

IT security policy requires password changes every 180 days. In order to achieve this, passwords are set to expire approximately every 180 days. Warnings and reminders are sent in the period running up to password expiry times. The password expiry noticed issued by IT Services has changed recently. The new notice looks like this. If … Continue reading “New Password Expiry Notice”

Published: Posted on

Blackmail Scam

We have been getting quite a few calls recently about messages trying to blackmail people.  They allege that the recipient has been viewing pornographic sites, malware has been installed on the recipient’s computer and they have compromising recordings of the recipient that will be sent to friends and colleagues. For example: To make the message … Continue reading “Blackmail Scam”

Published: Posted on

GDPR and Cloud-based Services

Formstack Security If you are using Formstack to collect and process personal data then you must ensure that the security options are enabled for each of your forms. This includes all three of: SSL – Secure Sockets Layer for the website. If enabled, the URL starts with “https://” and the browser displays a padlock symbol. … Continue reading “GDPR and Cloud-based Services”

Published: Posted on

Using DropBox Securely

DropBox and similar cloud-based collaboration services are highly functional and are used by many across the University to share content with external collaborators. However DropBox is a high profile target and we have reservations around its security.  Most of the time DropBox will be fine but it should not be used to hold confidential or … Continue reading “Using DropBox Securely”

Published: Posted on

URL Shorteners

URL shortening is when you use a service such as bit.ly or tinyurl.com to take a very long URL and condense it into a very short URL. This is very useful for when you need a short URLs, when you have to read a URL over the phone, or for a .pdf document.  Below is … Continue reading “URL Shorteners”

Published: Posted on