Required Information Security Awareness Training

Announcement You have all seen the flood of recent phishing emails (as in fishing for passwords and other sensitive information) and other social engineering attacks aimed at people. These generally try to trick you into typing your password into some sort of false sign-on screen or download malicious software. Automated controls such as SPAM filters … Continue reading “Required Information Security Awareness Training”

Published: Posted on

Meltdown and Spectre – time to panic?

We have had a number of queries about the well-publicised processor vulnerabilities, Meltdown and Spectre.  There are no reports of actual exploits being used at this stage and certainly with meltdown an attacker would need access to the systems concerned in order to exploit the vulnerabilities.  Suppliers of operating systems, anti-virus and other relevant software … Continue reading “Meltdown and Spectre – time to panic?”

Published: Posted on

Student Password Change Notices

We have had a lot of queries recently about password change reminders and whether or not they are a phishing attack.  We have previously published an example password change notice highlighting its characteristics and how it differs from an attack. Some students have been asking why there has been a change in policy.  The policy … Continue reading “Student Password Change Notices”

Published: Posted on

Fake Fax Notifications

There are a number of emails circulating claiming to have fax messages attached.  These contain word attachments which are infected with a macro virus.   The messages are all from genuine senders who have been infected with the virus. If you receive any messages with attachments which are unexpected, please delete them and do not attempt … Continue reading “Fake Fax Notifications”

Published: Posted on

Important Message From Staff Portal

We have a huge number of reports of a phishing campaign which many people have recognised as such.  Some, however, appear to have been taken in by this.  Initial versions came from outside the University which were easy to spot as bogus. However,  once some people had given their passwords away their accounts were then … Continue reading “Important Message From Staff Portal”

Published: Posted on

Illegal file-sharing and copyright infringement

The University network environment The University of Birmingham operates a more permissive network, in terms of firewalling and network traffic filters, than is usually found in a workplace environment.  We believe this is important to foster the kind of open academic environment and ethos we strive to have here at Birmingham.  Much of the research … Continue reading “Illegal file-sharing and copyright infringement”

Published: Posted on

Fake Email Administrator Message

Quite a few people have received a message asking you to login to “reset” their email.  This is something that IT services would never ask you to do.  It is similar to others that have asked you “verify” your email.  As it generated a few queries, I am posting an example with an explanation of … Continue reading “Fake Email Administrator Message”

Published: Posted on

Parcel Deliveries

There have been a lot of bogus emails claiming to be about parcel deliveries.  We have given plenty of advice on spotting bogus messages, but this piece of simple advice should help avoid falling victim to even the most convincing scams. A lot of people now appreciate that if they are not expecting a parcel, … Continue reading “Parcel Deliveries”

Published: Posted on

Filtering Email Display Names

Introduction In order to help people avoid being tricked about the sender of an email, from 2nd May 2017 we started filtering out the display name from email From: fields in email originating from outside the University. This measure is not being applied to email from UK academic sites and other trusted, well regulated email domains that … Continue reading “Filtering Email Display Names”

Published: Posted on