Avoid the 12 scams of the season….

View the full version of the 12 scams of the season (that you’d rather avoid) on the McAfee blog.

12Scams2014_Infographic_24Oct2014_FINAL-749x1024

Tips for setting your university password

If you are a new student at HWU you will  be issued with a confirmation letter with your IT UserID and password on it at the end of the enrolment process.

This UserID and password is used to log into a number of centrally supported services e.g.

  • University desktop PCs
  • Vision
  • WebMail
  • Wifi
  • Library resources e.g. databases and other electronic resources when off-campus

The IT password on your confirmation letter is randomly generated – so you could change this to something that you will remember more easily.

passwordTips when choosing a new password

  • Make it at least 8 characters long (between 8 – 14 is recommended)
  • Don’t use words in any in any dictionary of any language
  • Use a mixture of upper and lower case, numbers and symbols
  • Make it something you will remember – but others will find difficult to guess (it’s a good idea to use an acronym for something that is meaningful to you)
  • Substitute some letters with numbers and symbols

Examples

My favorite sport is squash could be abbreviated and then coded to become m1f4vs1s
or
Sunshine and showers in Scotland could become ss&551n5l4nd

Bad passwords (just a few examples…)

  • password
  • qwerty
  • iloveyou
  • 123456 (or any extension of…)
  • abc123
  • zxcvbn

Watch a short video on choosing passwords – http://youtu.be/VYzguTdOmmU

To change your passwordchangepassword

  1. Double click the change password icon on the HWU desktop (or go to http://my.hw.ac.uk/passwords)
  2. Click Change My Password
  3. Complete the details as required

Note: you can also reset your password at the same place by choosing Forgot My Password

And remember, don’t …

  • share your password with anyone
  • write it down and keep it on your desk (or anywhere else anyone can pick it up)

See Passwords and PINs

Heartbleed bug – phishers delight….

Many of you will have seen the security warnings in the press regarding the Heartbleed bug – see http://www.bbc.co.uk/news/technology-26954540

heartbleedAs a result of this we can all expect to see in increase in Phishing emails – so be extra suspicious of any emails that ask you to reset your password for a service that you use.

And be particularly wary of any emails that make things especially easy for you by including a link to the login screen.

If you want to change your password on a site

1. Open your web browser
2. Enter the URL you want to visit
3. Navigate to the login/change password screen

Don’t click the link to the login screen in the email

Remember

Companies, banks, Heriot-Watt University and other genuine institutions WILL NOT ask you for, or ask you to confirm, your credit card or bank details, PINs or passwords by email.

Log Out! We’re Under Attack

IS are responsible for keeping your managed desktop PCs well maintained and secure.

To help us do this we need to ensure that we keep your PC up to date with the latest security patches and software updates.

We can do this – with minimum disruption to you – overnight – when you are not logged in.

Unpatched machines can cause security risks because they: –

  1. are vulnerable to attacks that can compromise your data and personal information
  2. can provide a channel for malicious software to enter the University and attack other parts of the IT Infrastructure

Staff – help us to help you – log out of your PC and leave it logged off overnight at least once a week.owl

Remember – once a week – log out (and take the night off)!

Malware Protection measures

On Monday 31st March Information Services will activate an additional security feature for users of our Windows 7 Managed Desktop.

From the 31st March, if any unknown program attempts to run from within your User Profile folder (malicious programs nearly always run from your User Profile folder), an additional verification step will warn you about the program.

You will be prompted by the message below.

If you don’t recognise the program, click Cancel!

malware

Do not click “Run Application” unless you are sure the program is safe.

If you have any queries regarding this additional security measure, please contact ithelp@hw.ac.uk

Beware – take care – avoid getting caught by email or phishing scams

phishingPhishing attacks and email scams are becoming increasingly sophisticated – and even the most experienced users can easily be caught out.

These emails may be asking for personal details – or they may contain links, which when clicked, infect your computer with malware – which then spreads through your network – or encrypts your files (and then requests payment to give you access to the file again when you try to open it).

IS uses a number of different security measures to prevent these messages ever reaching your mailbox. However a small percentage of potentially harmful messages will occasionally get through.

Phishing attacks pretending to come from HMRC, banks, PayPal and other institutions that you probably work with online are commonplace – so be very wary ….

Examples and tips on identifying suspicious emails can be found on many sites e.g.

Inland Revenue
http://www.hmrc.gov.uk/security/examples.htm
PayPal
https://www.paypal.com/webapps/mpp/security/suspicious-activity
Lloyds
http://www.lloydsbank.com/help-guidance/security/phishing.asp
Outlook
http://office.microsoft.com/en-gb/outlook-help/identify-fraudulent-e-mail-and-phishing-schemes-HA001140002.aspx

If you think you have been caught

  • Change your passwords as soon as possible
  • Contact your bank or credit card company to get a hold put on your accounts

If you receive a phishing email into your @hw.ac.uk email report it to abuse@hw.ac.uk

See
https://informs.hw.ac.uk/2013/12/05/its-the-season-to-be-jolly-and-to-watch-out-for-phishing-scams/
https://informs.hw.ac.uk/2012/01/25/scam-email-warning/?relatedposts_exclude=8333

It’s the season to be jolly – and to watch out for phishing scams…

What are they

phishingPhishing scams try to trick you into providing sensitive personal information e.g. your credit card or bank details.
The scammers do this by sending you an email disguised as an official request for information. They’ll pretend to be a legitimate company – often one that you actually do business with – and they might create a  website that closely resembles the company’s official site.

The scams can be very good – and look very authentic – so it can be easy to get taken in if you’re not careful.

There are often more phishing emails sent at this time of year – the scammers know we’re busy with our online shopping – and that some of us could be easy targets.

If you get caught by phishing scam, the scammers could

  • Take over your bank account – and transfer funds from it to their own accounts
  • Use your credit card details – to buy stuff that you end up getting charged for
  • Steal your identity – and then carry out all sorts of fraudulent activities in your name

It can take months (or years) to clear your name if you become a victim – you might need to sort out legal issues, recover from debt and repair damaged credit ratings – so it’s best not to get caught.

If you think you have received a phishing email

Don’t

  • Click on any links
  • Supply any personal information
  • Reply to the email or try to contact the senders
  • Supply any information on the website that may appear (if you have clicked a link in the email)
  • Open any of the email attachments

Do

  • Ignore it
  • Delete it
  • If it has come into your @hw.ac.uk email report it to abuse@hw.ac.uk

If you think you have been caught

  • Change your passwords as soon as possible
  • Contact your bank or credit card company to get a hold put on your accounts

Remember

Companies, banks, Heriot-Watt University and other genuine institutions WILL NOT ask you for, or ask you to confirm, your credit card or bank details, PINs or passwords by email.

If you receive an email that you want to check out, phone the company to find out if they have sent it (using a phone number from correspondence you have already had with them – not by using one in the email you think might be a scam).

Don’t get caught!

  • Recent Posts

  • Follow HWU_IS on Twitter

  • Archives

  • Categories

  • Subscribe

  • Tags