Ransomware attack

You will have noticed the high-profile ransomware attack that has been in the news over the past few days (http://www.bbc.co.uk/news/technology-39915440).

Information Services are monitoring our systems and have the necessary precautions in place to minimise the risks from ransomware. However, staff and students should remain vigilant at all times.

In particular, please be suspicious of any emails received from unknown sources with attachments or links:

  • Do not click on suspicious links
  • Do not open email attachments
  • Forward the email to abuse@hw.ac.uk
  • Do not plug in unattended USB devices that are found

Typically ransomware will be hidden in emails that look like invoices for goods, communication from the tax office (HMRC) or your bank, requests to authenticate your accounts (confirm your user name and password) following an update etc.

If you use a machine that is not on the managed desktop please ensure that you:

  • Update all Anti-Virus
  • Have a backup in place and that it is operational
  • Use minimal user permissions where possible

Can we remind all users to log out from their machines at the end of the working day? Information Services apply updates and patches to managed machines overnight and some patches do not apply until a machine is restarted.

If you have not logged out and restarted your machine for a few days please do so.

See https://www.getsafeonline.org/protecting-yourself/ransomware/ for more information on protecting against ransomware.

Tax refund phishing scam alert!

The phishing email below is doing the rounds – so don’t get caught out! If you think you have received a phishing email:

  • DON’T click on any links
  • forward it to abuse@hw.ac.uk
  • delete it


Pointers that indicate that this is a scam include: –

  • poor grammar/proofing of text – note the capital “W” after a comma in the first line
  • the URL that the link points to doesn’t look anything like an HMRC URL
  • the URL isn’t secure – it’s http, not https
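The two link checks above can be run mechanically over an HTML email body. The following is an added example, not part of the original notice or of any Heriot-Watt system; the sample message is constructed, and `claimed_suffix` (here `gov.uk`, the domain HMRC's genuine sites sit under) is a parameter the caller supplies.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _Links(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(url):
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def _under(host, suffix):
    # Exact match or a true subdomain; "gov.uk.example.net" does not count.
    return host == suffix or host.endswith("." + suffix)

def link_findings(html, claimed_suffix):
    """Return (href, [reasons]) for links that do not fit the claimed sender."""
    parser = _Links()
    parser.feed(html)
    out = []
    for href, text in parser.links:
        reasons, host = [], _host(href)
        if urlsplit(href).scheme.lower() != "https":
            reasons.append("not https")
        if not _under(host, claimed_suffix):
            reasons.append("host outside " + claimed_suffix)
        # If the visible text is itself an address, compare its host with the real one.
        shown = ""
        if "." in text and " " not in text:
            shown = _host(text if "://" in text else "//" + text)
        if shown and shown != host:
            reasons.append("text shows " + shown)
        if reasons:
            out.append((href, reasons))
    return out

# Constructed sample body, not the email shown in this post.
SAMPLE = ('<a href="http://refund.example.net/claim">www.hmrc.gov.uk/refund</a> '
          '<a href="https://www.gov.uk/">Sign in</a>')
```

A link that raises no finding is not thereby proven genuine; the function only surfaces the indicators listed above.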

There are often phishing scams from fraudsters pretending to be HM Revenue and Customs. At certain times of year (like when the tax return deadline looms closer) you tend to get more than usual.

For more information on spotting the difference between genuine HMRC emails and phishing emails see Genuine HM Revenue and Customs contact and recognizing phishing emails

But remember – it’s not just HMRC that fraudsters pretend to be – so be vigilant!

Top tips to help you protect your mobile devices

1 Lock your smartphone/tablet

Restrict access to your phone by using a pin, password, complex swipe or other option. If it gets lost or stolen it’ll be more difficult for someone to access your information on it. Check the settings and enable automatic screen locking after several minutes of non-use.

2 Install software that lets you find/lock/wipe/disable your device

Many smartphones come with easy options to help you locate your device, flash up a message on screen to anyone finding it or to activate a loud noise to aid recovery or deter a thief. Or you could consider a stand-alone app.

3 Install anti-virus software

Every device you connect to the internet needs protecting from viruses and malware.

4 Keep up with the updates

If it’s an option turn on automatic updates so that you don’t forget. We’d recommend that you apply operating system updates when they’re made available.

5 Be cautious about the apps you install

It’s best to stick with the official marketplaces. Be wary about permissions requested during the installation process – does that free app really need to be able to read/send text messages or access your camera?

6 Backup your device regularly

Your mobile device will inevitably end up holding lots of data. Good housekeeping is recommended – you should routinely remove data that doesn’t need to be kept on your phone and back up what does.

7 Be wary of free Wi-Fi

Stick with trusted data connections or your home Wi-Fi for sensitive activities like banking transactions and purchases – and stick to secure sites – look out for https:// in the address bar, and check the padlock on the status bar (click or double click on it to see details of the site’s security).

8 Don’t click on links (or open files) you weren’t expecting

Delete text spam – avoid responding to lottery or competition messages or clicking on links they include to strange looking websites.  If you read your personal or business emails on your phone keep a look out for phishing messages.

9 Be alert to your smartphone behaving oddly

  • Check your bills to see if text messages (especially to premium rate or overseas numbers) are being sent without you knowing about it
  • High data usage might point to a problem with your phone or an app you’ve installed
  • If the battery is draining rapidly check what apps or processes are running in the background in case anything is going on that you weren’t expecting

10 Erase personal info before reselling/recycling

If you’re thinking of selling or recycling your smartphone delete all apps and related data before securely erasing personal information. iPhone owners can use Apple’s factory reset to do this, Android and Windows Phone owners have similar options.

For more tips and information on staying safe online see: –

Online fraud – watch out for scam emails

Online fraudsters often target students at this time of year as they know you might be expecting emails from the Student Loans Company – or would really like an email saying you were entitled to a grant to help finance your studies (if you would just click this link to confirm your details…).

Students at some HE institutions (not HWU so far) have reported receiving emails like this recently…


and it’s a scam – so if you do receive a similar email please delete it.

Top tips to help you spot phishing emails

  • Be suspicious of any urgent requests for personal or financial information
  • Be aware: Phishing scams are common at main instalment payment dates i.e. September, January and April
  • Check that you’re using a secure website when submitting credit card or other sensitive information; look out for “https://” and/or the security lock
  • Prevention: Your email details may have been taken from a social networking site so avoid disclosing your email address or make sure you hide it on your page
  • Look for tell-tale signs of phishing: Check the quality of the communication. Misspelling, poor punctuation and bad grammar are often good indicators

For more info and advice see

You should report any suspicious emails arriving in your @hw.ac.uk account to abuse@hw.ac.uk

Fraudulent phonecall pretending to be from Microsoft

A recent UCISA digest alerted us to phone call fraud incidents where staff on some university campuses are being contacted by so-called Microsoft authorised support staff.  The approach taken by the fraudsters is to ask university staff to log in to ‘team viewer.com’ so that “Microsoft support” can rectify spam that is coming out of their computer.

The email or web address that the caller mentions is similar to microsofthelp.mac.com (or microsofthelp@mac.com).

Think about it: –

  • When working at HWU – it’s HWU that are Microsoft’s customer – not you as an individual.  Microsoft won’t be calling you at work.
    Don’t give them any info. Hang up and report it to abuse@hw.ac.uk
  • If you get a similar call at home hang up.

Do you really think Microsoft have time to contact each of us individually to offer to fix our computer??

You might also want to take a look at the advice on the Microsoft site – http://www.microsoft.com/security/online-privacy/msname.aspx

Keep it long and strong!

You’ve probably heard it all before – but take a minute to scan what follows…it could help prevent tears before bedtime.

Some top tips from the Stay Safe Online web pages include: –

Protect Your Personal Information

  • Keep it long and strong – passwords should use a mixture of upper and lowercase letters, numbers and symbols.
  • Unique account, unique password – don’t use the same password for everything
  • Write it down and keep it safe. Keep a list of your passwords and keep secure away from your computer.
  • You don’t need to share everything – if there’s the option set security settings on websites to share just what you are comfortable with

Connect With Care

  • Take care when using Wi-Fi hotspots – adjust the security settings on your device to limit who can access your machine.
  • Protect your ££s: When banking and shopping look for web addresses with https:// or shttp://. Http:// isn’t secure.

Be Web Wise

  • Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true, or ask for personal information.
  • Back it up: Protect your valuable work, music, photos, and other digital information by making an electronic copy and storing it safely.

More info

October is Cyber Security Month across the globe (it started in the US – but it’s not really something that has geographic borders) – get more info at: –



The UK has its own Get Safe Online week (this year from 19th – 25th October).  See https://www.getsafeonline.org/blog/ for details.

Eduroam & Wi-Fi Maintenance (Edinburgh Campus): 1st September 2015

We will be carrying out an essential security update on the Eduroam service on the morning of Tuesday 1st September 2015 between 8.00 am and 12.00 pm (BST).

Whilst any disruption to service should be minimal Eduroam should be considered “at risk”.

Please note that following the update which includes a new security certificate, your computer, tablet or phone may ask you to accept the new security certificate.

Guidance on using Eduroam (including the automated configuration tool) can be found at: http://www.hw.ac.uk/is/it-essentials/wifi.htm

Email Attachments containing .exe .vbs or .scr files

The Heriot-Watt email system will no longer allow the distribution of zipped email attachments containing .exe .vbs or .scr files (attachments will be removed from messages).

These file types are considered high risk as they are often used by spammers and phishers to distribute viruses and malware by email.

This change will come into effect w/c 8th June 2015.

If you have any queries regarding this change please contact the IT Helpdesk (ITHelp@hw.ac.uk).
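To see what a check of this kind involves, the sketch below lists the members of a zipped attachment and reports any with the three extensions named in this notice. It is an added example, not the Heriot-Watt mail system's own filter; the depth and size limits, the handling of nested or unreadable archives, and the sample archive are all assumptions made for illustration.

```python
import io
import zipfile

BLOCKED = (".exe", ".vbs", ".scr")   # the three types named in the notice
MAX_DEPTH = 3                        # assumed limit for zips nested inside zips
MAX_NESTED_BYTES = 20 * 1024 * 1024  # assumed cap on a nested zip's declared size

def blocked_members(data, depth=0, prefix=""):
    """Return paths of blocked files in zip bytes `data` (raises BadZipFile if not a zip)."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Windows ignores trailing dots and spaces, so "a.exe." runs as "a.exe".
            name = info.filename.rstrip(". ").lower()
            path = prefix + info.filename
            if name.endswith(BLOCKED):
                hits.append(path)
            elif name.endswith(".zip"):
                if depth >= MAX_DEPTH or info.file_size > MAX_NESTED_BYTES:
                    hits.append(path + " (nested zip not inspected)")
                    continue
                try:
                    hits += blocked_members(zf.read(info), depth + 1, path + "!")
                except (zipfile.BadZipFile, RuntimeError):
                    # Corrupt or password-protected inner archive: cannot be cleared.
                    hits.append(path + " (nested zip not inspected)")
    return hits

def _zip(files):
    """Build a zip in memory from {name: bytes}; used for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples: harmless placeholder bytes under risky names.
INNER = _zip({"Scan.SCR": b"placeholder"})
SAMPLE = _zip({"invoice.pdf.exe": b"placeholder", "notes.txt": b"hello",
               "run.vbs.": b"placeholder", "more.zip": INNER})
```

Matching on the final extension, case-insensitively and after trimming trailing dots and spaces, is what catches names such as `invoice.pdf.exe` that are dressed up to look like documents.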

Network Services Upgrade – Saturday 30th May 09:00 – 17:00

Due to a necessary network equipment upgrade, the following services will be unavailable or at risk on Saturday 30th May 2015 from 09:00 to 17:00.

The services that are affected are HW Shared drives, Student Home directories and SharePoint.

The upgrade will provide an increase in available bandwidth for these services.

Don’t become a Ransomware victim

Ransomware belongs to a family of malicious software that encrypts your files, making them unusable.  If you fall victim to ransomware you will be asked to pay a ransom before being given access to your files again.

There has been increased ransomware activity recently – in particular from a version called Ransom Crypto Locker – so you should be extra vigilant and cautious of any emails you receive that look at all suspicious.

Information Services can ensure that all reasonable technical preventative measures are in place, but we also need you to be mindful of the constant threat of malware and phishing emails.

Here are some reminders of things that you can do to help ensure that you don’t become a victim: –

  • DON’T open .ZIP attachments unless you have specifically requested them from the sender.
    View the email header or send a separate email to validate the sender before opening attachments.
  • Save work files to your Home drive (H:) or the shared folders (S:). These drives are backed-up regularly, but we can’t backup any non-networked drives for you, e.g. your C: drive, so you could lose any files saved on it in the event of a ransomware infection.
  • DON’T click embedded hyperlinks in email.
    Although the Crypto Locker ransomware is normally sent as a .ZIP file, ransomware can also be downloaded from malicious websites.
  • Report suspect email to abuse@hw.ac.uk

More Information

McAfee recently posted an item in their KnowledgeBase on this topic – see KnowledgeBase threat advisory PD24786.