The University network environment The University of Birmingham operates a more permissive network, in terms of firewalling and network traffic filters, than is usually found in a workplace environment. We believe this is important to foster the kind of open academic environment and ethos we strive to have here at Birmingham. Much of the research … Continue reading “Illegal file-sharing and copyright infringement”
Fake Email Administrator Message
Quite a few people have received a message asking you to login to “reset” their email. This is something that IT services would never ask you to do. It is similar to others that have asked you “verify” your email. As it generated a few queries, I am posting an example with an explanation of … Continue reading “Fake Email Administrator Message”
Parcel Deliveries
There have been a lot of bogus emails claiming to be about parcel deliveries. We have given plenty of advice on spotting bogus messages, but this piece of simple advice should help avoid falling victim to even the most convincing scams. A lot of people now appreciate that if they are not expecting a parcel, … Continue reading “Parcel Deliveries”
Filtering Email Display Names
Introduction In order to help people avoid being tricked about the sender of an email, from 2nd May 2017 we started filtering out the display name from email From: fields in email originating from outside the University. This measure is not being applied to email from UK academic sites and other trusted, well regulated email domains that … Continue reading “Filtering Email Display Names”
Bogus invoices from the University
We have had a lot of reports about fake invoices apparently sent from other members or departments in the University. A new trick being deployed is to add an extra address in the from: field after the name but before the actual address in the from: field. This tries to trick people into downloading and … Continue reading “Bogus invoices from the University”
Majordomo Mailing Lists and Malicious Email – Advice for List Owners
We have had a lot of calls and emails from people concerned about a recent malicious email (fake DHL parcel notification – see https://blog.bham.ac.uk/itsecurity/2017/04/04/malware-in-fake-dhl-parcel-notification/). The messages were sent mainly to Majordomo mailing lists, so many people received multiple copies. It has become apparent that many list owners are not taking advantage of security features of … Continue reading “Majordomo Mailing Lists and Malicious Email – Advice for List Owners”
Malware in Fake DHL Parcel Notification
We have received numerous messages containing email claiming to be from DHL about a parcel. The messages ask you to download a “javascript report”. Javascript is a language for writing programs and not the type of file that would contain a report. This is in fact a javascript program that when run downloads other malicious … Continue reading “Malware in Fake DHL Parcel Notification”
Malicious email from Birmingham University account
The following are examples of phishing email sent from a Birmingham account that had been compromised. If you look carefully at the content it should be clear that the messages are not genuine. We think that the fact that it originated from within the University led some people to believe that it was real. … Continue reading “Malicious email from Birmingham University account”
Fake UKPC parking tickets
Amongst the other scams and phishing emails that are around, there is a fake email based parking ticket scam being sent to people nationally. The email contains a fake parking ticket. The email claims to be from UKPC and has a link that tries to trick you into downloading malware onto your PC. This has … Continue reading “Fake UKPC parking tickets”
Password Policy
People sometimes question why we have a policy that requires people to change their passwords every six months. The question is often asked following publication of articles suggesting that abandoning password expiry should be considered. This blog entry explains the current position which has recently been reviewed and accepted by ISSG, the University group responsible … Continue reading “Password Policy”