Heartbleed bug – phishers’ delight…

Many of you will have seen the security warnings in the press regarding the Heartbleed bug – see http://www.bbc.co.uk/news/technology-26954540

As a result of this we can all expect to see an increase in phishing emails – so be extra suspicious of any emails that ask you to reset your password for a service that you use.

And be particularly wary of any emails that make things especially easy for you by including a link to the login screen.

If you want to change your password on a site

1. Open your web browser
2. Enter the URL you want to visit
3. Navigate to the login/change password screen

Don’t click the link to the login screen in the email

Remember

Companies, banks, Heriot-Watt University and other genuine institutions WILL NOT ask you for, or ask you to confirm, your credit card or bank details, PINs or passwords by email.

Log Out! We’re Under Attack

IS are responsible for keeping your managed desktop PCs well maintained and secure.

To help us do this we need to ensure that we keep your PC up to date with the latest security patches and software updates.

We can do this – with minimum disruption to you – overnight – when you are not logged in.

Unpatched machines can cause security risks because they: –

  1. are vulnerable to attacks that can compromise your data and personal information
  2. can provide a channel for malicious software to enter the University and attack other parts of the IT Infrastructure

Staff – help us to help you – log out of your PC and leave it logged off overnight at least once a week.

Remember – once a week – log out (and take the night off)!

Malware Protection measures

On Monday 31st March Information Services will activate an additional security feature for users of our Windows 7 Managed Desktop.

From the 31st March, if any unknown program attempts to run from within your User Profile folder (malicious programs nearly always run from your User Profile folder), an additional verification step will warn you about the program.

You will be prompted by the message below.

If you don’t recognise the program, click Cancel!


Do not click “Run Application” unless you are sure the program is safe.

If you have any queries regarding this additional security measure, please contact ithelp@hw.ac.uk

Beware – take care – avoid getting caught by email or phishing scams

Phishing attacks and email scams are becoming increasingly sophisticated – and even the most experienced users can easily be caught out.

These emails may be asking for personal details – or they may contain links, which when clicked, infect your computer with malware – which then spreads through your network – or encrypts your files (and then requests payment to give you access to the file again when you try to open it).

IS uses a number of different security measures to prevent these messages ever reaching your mailbox. However a small percentage of potentially harmful messages will occasionally get through.

Phishing attacks pretending to come from HMRC, banks, PayPal and other institutions that you probably work with online are commonplace – so be very wary ….

Examples and tips on identifying suspicious emails can be found on many sites e.g.

Inland Revenue
http://www.hmrc.gov.uk/security/examples.htm
PayPal
https://www.paypal.com/webapps/mpp/security/suspicious-activity
Lloyds
http://www.lloydsbank.com/help-guidance/security/phishing.asp
Outlook
http://office.microsoft.com/en-gb/outlook-help/identify-fraudulent-e-mail-and-phishing-schemes-HA001140002.aspx

If you think you have been caught

  • Change your passwords as soon as possible
  • Contact your bank or credit card company to get a hold put on your accounts

If you receive a phishing email into your @hw.ac.uk email report it to abuse@hw.ac.uk

See
https://informs.hw.ac.uk/2013/12/05/its-the-season-to-be-jolly-and-to-watch-out-for-phishing-scams/
https://informs.hw.ac.uk/2012/01/25/scam-email-warning/?relatedposts_exclude=8333

It’s the season to be jolly – and to watch out for phishing scams…

What are they

Phishing scams try to trick you into providing sensitive personal information e.g. your credit card or bank details.
The scammers do this by sending you an email disguised as an official request for information. They’ll pretend to be a legitimate company – often one that you actually do business with – and they might create a website that closely resembles the company’s official site.

The scams can be very good – and look very authentic – so it can be easy to get taken in if you’re not careful.

There are often more phishing emails sent at this time of year – the scammers know we’re busy with our online shopping – and that some of us could be easy targets.

If you get caught by a phishing scam, the scammers could

  • Take over your bank account – and transfer funds from it to their own accounts
  • Use your credit card details – to buy stuff that you end up getting charged for
  • Steal your identity – and then carry out all sorts of fraudulent activities in your name

It can take months (or years) to clear your name if you become a victim – you might need to sort out legal issues, recover from debt and repair damaged credit ratings – so it’s best not to get caught.

If you think you have received a phishing email

Don’t

  • Click on any links
  • Supply any personal information
  • Reply to the email or try to contact the senders
  • Supply any information on the website that may appear (if you have clicked a link in the email)
  • Open any of the email attachments

Do

  • Ignore it
  • Delete it
  • If it has come into your @hw.ac.uk email report it to abuse@hw.ac.uk

If you think you have been caught

  • Change your passwords as soon as possible
  • Contact your bank or credit card company to get a hold put on your accounts

Remember

Companies, banks, Heriot-Watt University and other genuine institutions WILL NOT ask you for, or ask you to confirm, your credit card or bank details, PINs or passwords by email.

If you receive an email that you want to check out, phone the company to find out if they have sent it (using a phone number from correspondence you have already had with them – not by using one in the email you think might be a scam).

Don’t get caught!
