IT Security Project: Careful when you spot a 'phishing' email
Thursday, 15 November 2018
An IT Security Project at the University is working to improve our protection from cyber threats. Many of the changes will not be visible to colleagues, but changes brought about by the project mean:
- administrator rights on a computer/laptop will be limited to those with a business need
- unsupported software will be upgraded or removed
- all University Apple computers/handheld devices will be enrolled in a central management system in line with Windows devices.
Starting this week, we are launching an awareness campaign about what the staff and students at the University can do to support stronger cybersecurity.
The focus today is on phishing.
According to the National Cyber Security Centre: “Phishing describes a type of social engineering where attackers influence users to do 'the wrong thing', such as disclosing information or clicking a bad link”.
In simple terms, phishing is an attempt to trick you into handing over sensitive information (login, passwords, banking details etc.). This can happen via a text message, social media, or by phone, but most people use “phishing” to describe suspicious-looking emails.
It works like this. An email lands in your mailbox that looks like it is from the University, a company, a friend, or even a family member. The email contains a link that takes you to a webpage. You enter your login and password details. That webpage turns out to be fake and collects these details, which are then used to access your account or make changes to it.
Colleagues will have noticed that the frequency of ‘phishing’ emails has increased over the past few months. Just last week, we shared a phishing email alert: “Review blocked sign-in attempt” on the Staff Portal.
So what can you do to protect yourself?
Phishing messages can be difficult to spot, but please look out for anything that looks suspicious, unexpected or unusual.
Common phishing techniques include:
- The email indicates urgent action is required.
- The message might appear to come from a trusted authority, including from a University email address.
- The URL in a phishing message may appear to be valid. However, if you hover your mouse over the top of the web address (URL), you should see the actual hyperlinked address.
- The message contains poor spelling and grammar.
- The sender’s email address is from a suspicious domain e.g. @reading-ac.uk
- The message asks for personal information.
Do not click on links in an email from someone you do not recognise or are not expecting an email from.
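For colleagues who administer mail filtering, two of the indicators above (a lookalike sender domain such as @reading-ac.uk, and a link whose visible address differs from its real target) can be checked automatically. The Python below is an added example, not code from the University or the project; the trusted domain is assumed from the page's own URL, and the function names and sample message are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAIN = "reading.ac.uk"  # assumption: the domain of the page's own URL
URL_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Lower-cased hostname of a URL or of bare text like 'www.example.org/x'."""
    return (urlparse(value if "//" in value else "//" + value).hostname or "").lower()

def is_lookalike(domain, trusted=TRUSTED_DOMAIN):
    """True when domain is not the trusted one but matches it once punctuation is removed."""
    squash = lambda d: re.sub(r"[^a-z0-9]", "", d.lower())
    return domain.lower() != trusted and squash(domain) == squash(trusted)

def phishing_indicators(sender, html_body):
    """Return findings for two indicators: lookalike sender domain, link text/target mismatch."""
    findings = []
    sender_domain = sender.rsplit("@", 1)[-1].strip("> ").lower()
    if is_lookalike(sender_domain):
        findings.append(f"sender domain {sender_domain} imitates {TRUSTED_DOMAIN}")
    collector = LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        shown = host_of(text) if URL_LIKE.match(text) else ""
        if shown and shown != host_of(href):
            findings.append(f"link shows {shown} but goes to {host_of(href)}")
    return findings

# Constructed sample message (not a real email); example.net is a reserved test domain.
SAMPLE_SENDER = "IT Service Desk <it-help@reading-ac.uk>"
SAMPLE_BODY = ('<p>Review blocked sign-in attempt: '
               '<a href="http://login.example.net/verify">https://www.reading.ac.uk/cybersecurity/</a></p>')
```

Calling `phishing_indicators(SAMPLE_SENDER, SAMPLE_BODY)` reports both indicators for the constructed message; a message sent from the real domain whose link text matches its target returns an empty list.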
For more information visit: https://www.reading.ac.uk/cybersecurity/