Ransomware strikes again

Users are reminded to remain vigilant as yet another international cyber-attack affects computers across the globe.

Machines affected by this attack will display a message like:

Repairing file system on C:

The type of the file system is NTFS.
One of your disks contains errors and needs to be repaired. This process may take several hours to complete. It is strongly recommended to let it complete.


CHKDSK is repairing sector xxxxx of xxxxxxxx (x%)

If you have this or a similar message displayed on your screen disconnect your PC  immediately and contact ithelp@hw.ac.uk

See Global ransomware attack causes turmoil to keep up to date with this story in the news.

Ransomware attack

You will have noticed the high profile ransomware attack that has been in the news over the past few days. (http://www.bbc.co.uk/news/technology-39915440)

Information Services are monitoring our systems and have the necessary precautions in place to minimise the risks from ransomware, however, staff and students should remain vigilant at all times.

In particular, please be suspicious of any emails received from unknown sources with attachments or links:

  • Do not click on suspicious links
  • Do not open email attachments
  • Forward the email to abuse@hw.ac.uk
  • Do not plug in unattended USB devices that are found

Typically ransomware will be hidden in emails that look like invoices for goods, communication from the tax office (HMRC) or your bank, requests to authenticate your accounts (confirm your user name and password) following an update etc.

If you use a machine that is not on the managed desktop please ensure that you

  • Update all Anti-Virus
  • Have a backup in place and that it is operational
  • Use minimal user permissions where possible

Can we remind all users to log out from their machines at the end of the working day. Information Services apply updates and patches to managed machines overnight and some patches do not apply until a machine is restarted.

If you have not logged out and restarted your machine for a few days please do so.

See https://www.getsafeonline.org/protecting-yourself/ransomware/ for more information on protecting against ransomware.

Tax refund phishing scam alert!

The phishing email below is doing the rounds – so don’t get caught out! If you think you have received a phishing email

  • DON’T click on any links
  • forward it to abuse@hw.ac.uk
  • delete it


Pointers that indicate that this is a scam include: –

  • poor grammar/proofing of text – note the capital “W” after a comma in the first line
  • the URL that the link points to doesn’t look anything like an HMRC URL
  • the URL isn’t secure – it’s http, not https

There are often phishing scams from fraudsters pretending to be HM Revenue and Customs. At certain times of year (like when the tax return deadline looms closer) you tend to get more than usual.

For more information on spotting the difference between genuine HMRC emails and phishing emails see Genuine HM Revenue and Customs contact and recognizing phishing emails

But remember – it’s not just HMRC that fraudsters pretend to be – so be vigilant!

Top tips to help you protect your mobile devices

1 Lock your smartphone/tablet

Restrict access to your phone by using a pin, password, complex swipe or other option. If it gets lost or stolen it’ll be more difficult for someone to access your information on it. Check the settings and enable automatic screen locking after several minutes of non-use.

2 Install software that lets you find/lock/wipe/disable your device

Many smartphones come with easy options to help you locate your device, flash up a message on screen to anyone finding it or to activate a loud noise to aid recovery or deter a thief. Or you could consider a stand-alone app.

3 Install anti-virus software

Every device you connect to the internet needs protecting from viruses and malware.

4 Keep up with the updates

If it’s an option turn on automatic updates so that you don’t forget. We’d recommend that you apply operating system updates when they’re made available.

5 Be cautious about the apps you install

It’s best to stick with the official marketplaces. Be wary about permissions requested during the installation process – does that free app really need to be able to read/send text messages or access your camera?

6 Backup your device regularly

Your mobile device will inevitably end up holding lots of data. Good housekeeping is recommended – you should routinely remove data that doesn’t need to be kept on your phone and back up what does.

7 Be wary of free Wi-Fi

Stick with trusted data connections or your home Wi-Fi for sensitive activities like banking transactions and purchases – and stick to secure sites – look out for https:// in the address bar, and check the padlock on the stats bar (click or double click on it to see details of the site’s security).

8 Don’t click on links (or open files) you weren’t expecting

Delete text spam – avoid responding to lottery or competition messages or clicking on links they include to strange looking websites.  If you read your personal or business emails on your phone keep a look out for phishing messages.

9 Be alert to your smartphone behaving oddly

  • Check your bills to see if text messages (especially to premium rate or overseas numbers) – are being sent without you knowing about it
  • High data usage might point to a problem with your phone or an app you’ve installed
  • If the battery is draining rapidly check what apps or processes are running in the background in case anything is going on that you weren’t expecting

10 Erase personal info before reselling/recycling

If you’re thinking of selling or recycling your smartphone delete all apps and related data before securely erasing personal information. iPhone owners can use Apple’s factory reset to do this, Android and Windows Phone owners have similar options.

For more tips and information on staying safe online see: –

Online fraud – watch out for scam emails

Online fraudsters often target students at this time of year as they know you might be expecting emails from the Student Loans Company – or would really like an email saying you were entitled to a grant to help finance your studies (if you would just click this link to confirm your details…).

Students at some HE institutions (not HWU so far) have reported receiving emails like this recently…


and it’s a scam – so if you do receive a similar email please delete it.

Top tips to help you spot phishing emails

  • Be suspicious of any urgent requests for personal or financial information
  • Be aware: Phishing scams are common at main instalment payment dates i.e. September, January and April
  • Check that you’re using a secure website when submitting credit card or other sensitive information; look out for “https://” and/or the security lock
  • Prevention: Your email details may have been taken from a social networking site so avoid disclosing your email address or make sure you hide it on your page
  • Look for tell-tale signs of phishing: Check the quality of the communication. Misspelling, poor punctuation and bad grammar are often good indicators

For more info and advice see

You should report any suspicious emails arriving in your @hw.ac.uk account to abuse@hw.ac.uk

Fraudulent phonecall pretending to be from Microsoft

A recent UCISA digest alerted us to phone call fraud incidents where staff on some university campuses are being contacted by so called Microsoft authorised support staff.  The approach taken by the fraudsters is to ask university staff to log in to ‘team viewer.com’ so that “Microsoft support” can rectify spam that is coming out of their computer.

The email or web address that the caller mentions is similar to microsofthelp.mac.com (or microsofthelp@mac.com).

Think about it: –

  • When working at HWU – it’s HWU that are Microsoft’s customer – not you as an individual.  Microsoft won’t be calling you at work.

Don’t give them any info. Hang up and report it to abuse@hw.ac.uk

  • If you get a similar call at home hang up.

Do you really think Microsoft have time to contact each of us individually to offer to fix our computer??

You might also want to take a look at the advice on the Microsoft site – http://www.microsoft.com/security/online-privacy/msname.aspx

Keep it long and strong!

You’ve probably heard it all before – but take a minute to scan what follows…it could help prevent tears before bedtime.

Some top tips from the Stay Safe Online web pages include: –

Protect Your Personal Information

  • Keep it long and strong – passwords should use a mixture of upper and lowercase letters, numbers and symbols.
  • Unique account, unique password – don’t use the same password for everything
  • Write it down and keep it safe. Keep a list of your passwords and keep secure away from your computer.
  • You don’t need to share everything – if there’s the option set security settings on websites to share just what you are comfortable with

Connect With Care

  • Take care when using Wi-Fi hotspots – adjust the security settings on your device to limit who can access your machine.
  • Protect your ££s: When banking and shopping look for web addresses with https:// or shttp://. Http:// isn’t secure.

Be Web Wise

  • Think before you act: Be wary of communications that implores you to act immediately, offers something that sounds too good to be true, or asks for personal information.
  • Back it up: Protect your valuable work, music, photos, and other digital information by making an electronic copy and storing it safely.

More info

October is Cyber Security Month across the globe (it started in the US – but it’s not really something that has geographic borders) – get more info at: –



The UK has it’s own Get Safe Online week (this year from 19th – 25th October).  See https://www.getsafeonline.org/blog/ for details.

Eduroam & Wi-Fi Maintenance (Edinburgh Campus): 1st September 2015

eduroamWe will be carrying out an essential security update on the Eduroam service on the morning of Tuesday 1st September 2015 between 8.00 am and 12.00 pm (BST).

Whilst any disruption to service should be minimal Eduroam should be considered “at risk”.

Please note that following the update which includes a new security certificate, your computer, tablet or phone may ask you to accept the new security certificate.

Guidance on using Eduroam (including the automated configuration tool) can be found at: http://www.hw.ac.uk/is/it-essentials/wifi.htm

Email Attachments containing .exe .vbs or .scr files

The Heriot-Watt email system will no longer allow the distribution of zipped email attachments containing .exe .vbs or .scr files (attachments will be removed from messages).

These file types are considered high risk as they are often used by spammers and phishers to distribute viruses and malware by email.

This change will come into effect w/c 8th June 2015.

If you have any queries regarding this change please contact the IT Helpdesk (ITHelp@hw.ac.uk).

Network Services Upgrade – Saturday 30th May 09:00 – 17:00

Network Services Upgrade

Due to a necessary network equipment upgrade, the following services will be unavailable or at risk on Saturday 30th May 2015 from 09:00 to 17:00

The services that are affected are HW Shared drives , Student Home directories and SharePoint.

The upgrade will provide an increase in available bandwidth for these services

  • Recent Posts

  • Follow HWU_IS on Twitter

  • Archives

  • Categories

  • Subscribe

  • Tags