Phishing attacks and online fraud – protective steps

by Jennifer Kennedy.

Digital Technology Services is increasing the visibility of potentially fraudulent email by marking all email from outside the University to remind users to treat links or attachments with caution. This is an increasingly common tactic across the HE sector to help users to better identify fraudulent email, reducing the risk to them and the University.
Over the past month the University has seen a big increase in phishing, with over 3000 fake emails being delivered to University users’ mailboxes. While many recipients identify them as fake and report them so DTS can take action, the emails and the web pages they link to are often convincing enough for some people to be taken in, providing usernames and passwords or other personal data to the attackers. Where we can trace that a user is at risk from an attack, DTS can take action, and have reset over 100 users’ passwords where suspicious activity was observed.
Once a user’s username and password are compromised like this, they are exposed to a number of risks, which have recently included use of their mailbox to launch further phishing or fraud attacks against other University users, and changing staff bank details in Core to redirect salary payments to an attacker’s account.
The CyberAware online training shows users the key risks in online activity, such as mail and web browsing, and how to deal with them. We recommend that everyone undertakes this regularly. While DTS can identify accounts at risk and support users in recovering control of their account, we cannot help where data or money has already been lost. For this reason it is important for the protection of University staff and students that we help people identify suspicious activity and take appropriate action.
If you ever accidentally click on a suspicious link, contact IT Help on 0114 225 3333 immediately.