Phishing is getting cleverer all the time...
Phishing emails are getting cleverer, more realistic and more frequent. Spam filters do some of the work but will never be fully effective, so it’s up to each of us to read the context of messages and look for anything suspicious. The Digital Services team are here to support any colleagues or students who may have clicked on something that worries them – please don’t hesitate to get in touch using the IT Support portal.
Some useful tips to help you spot them
- Look at the email address, not just the senders name. Make sure it is a valid company address (Microsoft will never send you an email asking you to log in, from a colleague’s/teacher's email address.)
- Look again at the email/web address. Some false addresses look very like the real ones.
- Look for grammatical mistakes, not just spelling mistakes. When crafting phishing messages, scammers will often use a spellchecker or translation machine, which provide all the right words but not necessarily in the right context.
- Hover your mouse over any links, to check they go to a valid address/destination.
- Look out for a sense of urgency. If the email is rushing you into doing something, (even if from your boss or teacher), before you respond, contact the sender using a different method, to check it is from them.
- Follow your instincts, if it feels dodgy, it probably is!
All staff and student Office 365 accounts are continually monitored for compromise. If an account is suspected of being compromised it is immediately disabled and the IT Service Desk contacts the owner of the account. Currently the University manages 75 thousand email and IT accounts.
Top tips to keep you safe online
- NEVER tell anyone your passwords. It's vital not to disclose your password to anyone else. No University staff will ever ask you for your IT Account password
- Change your passwords often and make them ones that you can remember easily but anyone else would find diffficult to guess.
- THINK before sharing your personal details. There are risks of identity fraud and invasion of privacy whenever you give any personal details online.
- Beware of scam emails Phishing attacks are on the increase and becoming more sophisticated, so it's easy to get caught out and give away personal details if you're not alert.
- Don't download or copy illegally. Make sure you don't break the law by downloading, copying or sharing without permission. Stay legal online, this includes information from the Internet, files, music and video.
Get Safe Online - including advice about using Facebook and other social networking sites safely.
If you are concerned that your device might have an infection, free scanning tools are available such as Malwarebytes.
Stay Legal Online
It can be easy to download, copy and share software, music, film, video and information from the Internet, but it is illegal if the material is copyright. It is also a breach of the University if you break copyright when using the University’s IT network.
Misuse of the network may lead to disciplinary proceedings and may even result in formal legal action through the criminal courts.
If you connect your computer, phone or other electronic device to the University's IT network you should:
- Abide by IT policies
- Understand the risks of using file sharing software
- Understand copyright issues by visiting WLV Copyright Guidance
- Be aware that abuse of the University’s IT network results in disciplinary action.
Copyright and file sharing policy
The University states that you should not illegally share copyrighted material over the University’s IT network. This includes email, web pages, ftp, Hotline, IRC and peer-to-peer file sharing. It applies to both University owned computers as well as your personal laptop and other electronic devices.
What’s covered by copyright?
All types of media are subject to copyright including books, film, music, software and pictures. If you use, download or publish any of these media types it is your responsibility to ensure that you have the legal right to use the media in that way.
University of Wolverhampton Disciplinary Procedure
The University has a responsibility both under criminal law and to comply with the JANET Acceptable Use Policy to take action to prevent illegal behaviour and enforce penalties against individuals who breach copyright.
Infringements of copyright, unauthorised distribution and illegal downloading fall within the Archive: Student Code of Conduct and Disciplinary Procedure - September 2014 and action will be taken as follows:
First Infringement Notification
- Student’s access to the wireless and accommodation networks using personal devices is suspended for 28 days.
Second Infringement Notification
- Student’s access to the wireless and accommodation networks using personal devices is suspended for an indefinite period.
- Student disciplinary procedure is invoked and liable to fine or suspension.
Third Infringement Notification
- Student’s IT account fully suspended.
- Student disciplinary procedure is invoked and liability to fine or suspension or exclusion from the University.
Criminal and Civil Legislative Penalties
In addition to the University’s disciplinary procedure, there are several criminal and civil legislative penalties that the individual can incur that include:
- Damages and compensation for loss of profits through the civil courts
- Criminal law provides a sentence of six months imprisonment and or a fine of up to £50,000 for a copyright infringement heard at a Magistrates Court. The maximum penalty at Crown Court is 10 years imprisonment, plus the fine.
More information about the legislative penalties can be found in the Digital Economy Act 2010 and the Intellectual Property Office - Legislation.
Further information
- Respect Copyrights provides guidance on legal downloading and avoiding digital piracy.
- For further advice about file sharing, please contact the IT Service Desk on ext. 2000 or 01902 32 2000.
- More information about copyright can be found on the University Library website.
Five Laptop Travel Tips for Staff with University Laptops
Staff often travel with their University laptops and can connect to wireless networks in cafes, pubs, libraries, airports and hotels. All these places offer convenient and fast access. BUT, every one of these has the potential to expose staff to security breaches while using their laptop.
The following tips will help keep your laptop and data safe when you’re travelling:
Tip 1 – Before you leave the University – Prepare your laptop
Your University laptop will have anti virus and software patch management systems which keep it in a secure state and ensure you have the latest updates from any Internet connection.
However, to make absolutely sure that you have the latest updates installed:
- Connect your laptop to the University network to pick up these updates.
- Ensure you connect less than seven days prior to your date of departure.
If you are travelling to a destination which you believe may pose a substantial risk of hacking to your laptop then contact the IT Service Desk on ext. 2000 (01902-32 2000) to check that your laptop is up to date with security software.
Tip 2 – When travelling - Choose your Wi-Fi access point carefully
In public areas such as airports, there are usually several “Free” Wi-Fi access points that will be discovered automatically by your laptop. Select your network carefully by choosing a name that’s recognisable or a well-known commercial provider. The security features of different networks appear along with the network name. If you have a choice, always select a security-enabled network, so your data is protected by encryption when transmitting between your laptop and the Wi-Fi access point.
Tip 3 – On the move and when you arrive – Keep your laptop safe
Keep your laptop with you at all times, preferably in a bag that doesn’t advertise the fact that it’s a laptop! When you arrive, store your laptop securely, out of sight of casual passers-by.
Tip 4 – Think before emailing sensitive data - zip before you email
Remember that email is not a safe method of sending sensitive data.
Tip 5 – Very Sensitive Data – Leave it at the University!
Very sensitive data is any data which identifies individuals. This can be student course results, staff personal data or financial data with personal identifiers such as National Insurance or credit card numbers. Be mindful that any files in your personal file store (My Documents folder) are stored on your laptop, which although protected by your username and password, could easily be hacked into if it were lost or stolen. If it is absolutely essential that you access very sensitive data while off campus, there are other options. Please contact the IT Service Desk for advice about these.