Online fraud – watch out for scam emails

Online fraudsters often target students at this time of year as they know you might be expecting emails from the Student Loans Company – or would really like an email saying you were entitled to a grant to help finance your studies (if you would just click this link to confirm your details…).

Students at some HE institutions (not HWU so far) have reported receiving emails like this recently…


and it’s a scam – so if you do receive a similar email please delete it.

Top tips to help you spot phishing emails

  • Be suspicious of any urgent requests for personal or financial information
  • Be aware: Phishing scams are common at main instalment payment dates i.e. September, January and April
  • Check that you’re using a secure website when submitting credit card or other sensitive information; look out for “https://” and/or the security lock
  • Prevention: Your email details may have been taken from a social networking site so avoid disclosing your email address or make sure you hide it on your page
  • Look for tell-tale signs of phishing: Check the quality of the communication. Misspelling, poor punctuation and bad grammar are often good indicators

For more info and advice see

You should report any suspicious emails arriving in your account to

Fraudulent phonecall pretending to be from Microsoft

A recent UCISA digest alerted us to phone call fraud incidents where staff on some university campuses are being contacted by so called Microsoft authorised support staff.  The approach taken by the fraudsters is to ask university staff to log in to ‘team’ so that “Microsoft support” can rectify spam that is coming out of their computer.

The email or web address that the caller mentions is similar to (or

Think about it: –

  • When working at HWU – it’s HWU that are Microsoft’s customer – not you as an individual.  Microsoft won’t be calling you at work.

Don’t give them any info. Hang up and report it to

  • If you get a similar call at home hang up.

Do you really think Microsoft have time to contact each of us individually to offer to fix our computer??

You might also want to take a look at the advice on the Microsoft site –

Keep it long and strong!

You’ve probably heard it all before – but take a minute to scan what follows…it could help prevent tears before bedtime.

Some top tips from the Stay Safe Online web pages include: –

Protect Your Personal Information

  • Keep it long and strong – passwords should use a mixture of upper and lowercase letters, numbers and symbols.
  • Unique account, unique password – don’t use the same password for everything
  • Write it down and keep it safe. Keep a list of your passwords and keep secure away from your computer.
  • You don’t need to share everything – if there’s the option set security settings on websites to share just what you are comfortable with

Connect With Care

  • Take care when using Wi-Fi hotspots – adjust the security settings on your device to limit who can access your machine.
  • Protect your ££s: When banking and shopping look for web addresses with https:// or shttp://. Http:// isn’t secure.

Be Web Wise

  • Think before you act: Be wary of communications that implores you to act immediately, offers something that sounds too good to be true, or asks for personal information.
  • Back it up: Protect your valuable work, music, photos, and other digital information by making an electronic copy and storing it safely.

More info

October is Cyber Security Month across the globe (it started in the US – but it’s not really something that has geographic borders) – get more info at: –

The UK has it’s own Get Safe Online week (this year from 19th – 25th October).  See for details.

Eduroam & Wi-Fi Maintenance (Edinburgh Campus): 1st September 2015

eduroamWe will be carrying out an essential security update on the Eduroam service on the morning of Tuesday 1st September 2015 between 8.00 am and 12.00 pm (BST).

Whilst any disruption to service should be minimal Eduroam should be considered “at risk”.

Please note that following the update which includes a new security certificate, your computer, tablet or phone may ask you to accept the new security certificate.

Guidance on using Eduroam (including the automated configuration tool) can be found at:

Email Attachments containing .exe .vbs or .scr files

The Heriot-Watt email system will no longer allow the distribution of zipped email attachments containing .exe .vbs or .scr files (attachments will be removed from messages).

These file types are considered high risk as they are often used by spammers and phishers to distribute viruses and malware by email.

This change will come into effect w/c 8th June 2015.

If you have any queries regarding this change please contact the IT Helpdesk (

Network Services Upgrade – Saturday 30th May 09:00 – 17:00

Network Services Upgrade

Due to a necessary network equipment upgrade, the following services will be unavailable or at risk on Saturday 30th May 2015 from 09:00 to 17:00

The services that are affected are HW Shared drives , Student Home directories and SharePoint.

The upgrade will provide an increase in available bandwidth for these services

Don’t become a Ransomware victim

ransomRansomware belongs to a family of malicious software that encrypts your files, making them unusable.  If you fall victim to ransomware you will be asked to pay a ransom before being given access to your files again.

There has been increased ransomware activity recently – in particular from a version called Ransom Crypto Locker – so you should be extra vigilant and cautious of any emails you receive that look at all suspicious.

Information Services can ensure that all reasonable technical preventative measures are in place, but we also need you to be mindful of the constant threat of malware and phishing emails.

Here are some reminders of things that you can do to help ensure that you don’t become a victim: –

  • DON’T open .ZIP attachments unless you have specifically requested them from the sender.
    View the email header or send a separate email to validate the sender before opening attachments.
  • Save work files to your Home drive (H:) or the shared folders (S:). These drives are backed-up regularly, but we can’t backup any non-networked drives for you, e.g. your C: drive, so you could lose any files saved on it in the event of a ransomware infection.
  • DON’T click embedded hyperlinks in email.
    Although the Crypto Locker ransomware is normally sent as .ZIP file, ransomware can also be downloaded from malicious websites.
  • Report suspect email to

More Information

McAfee recently posted an item in their KnowledgeBase on this topic – see KnowledgeBase threat advisory PD24786.

Avoid the 12 scams of the season….

View the full version of the 12 scams of the season (that you’d rather avoid) on the McAfee blog.


Tips for setting your university password

If you are a new student at HWU you will  be issued with a confirmation letter with your IT UserID and password on it at the end of the enrolment process.

This UserID and password is used to log into a number of centrally supported services e.g.

  • University desktop PCs
  • Vision
  • WebMail
  • Wifi
  • Library resources e.g. databases and other electronic resources when off-campus

The IT password on your confirmation letter is randomly generated – so you could change this to something that you will remember more easily.

passwordTips when choosing a new password

  • Make it at least 8 characters long (between 8 – 14 is recommended)
  • Don’t use words in any in any dictionary of any language
  • Use a mixture of upper and lower case, numbers and symbols
  • Make it something you will remember – but others will find difficult to guess (it’s a good idea to use an acronym for something that is meaningful to you)
  • Substitute some letters with numbers and symbols


My favorite sport is squash could be abbreviated and then coded to become m1f4vs1s
Sunshine and showers in Scotland could become ss&551n5l4nd

Bad passwords (just a few examples…)

  • password
  • qwerty
  • iloveyou
  • 123456 (or any extension of…)
  • abc123
  • zxcvbn

Watch a short video on choosing passwords –

To change your passwordchangepassword

  1. Double click the change password icon on the HWU desktop (or go to
  2. Click Change My Password
  3. Complete the details as required

Note: you can also reset your password at the same place by choosing Forgot My Password

And remember, don’t …

  • share your password with anyone
  • write it down and keep it on your desk (or anywhere else anyone can pick it up)

See Passwords and PINs

  • Recent Posts

  • Follow HWU_IS on Twitter

  • Archives

  • Categories

  • Subscribe

  • Tags