Be vigilant for phishing and scam emails

We regularly receive reports from staff and students of suspicious emails, e.g. false vaccination appointments and bogus HMRC tax refunds.
These can appear very believable and sophisticated. Scammers sometimes take names from university or company websites and then create other email accounts so that the sender details look correct.

What to do:
If you think you have received a phishing email to your @hw.ac.uk account:

  • Do not click on any links
  • Do not open any attachments
  • Do not reply to the message

Information Services Help:
To notify Information Services of a phishing email, or if you have concerns about whether an email is real or not, please forward it to phishing@hw.ac.uk and then delete it.


If you have received a phishing email, accidentally clicked the link in it and provided your university credentials (username and password), please send an email to ishelp.hw.ac.uk for assistance.

Accounts that are suspected to be compromised will be blocked automatically for security purposes. 
If your account has been blocked because of this, please send an email to ishelp.hw.ac.uk for assistance.

Information Services are constantly working to make systems, including email, as safe and secure as possible.
Planning is underway to implement Multi Factor Authentication for staff and then students, to improve the security of staff, students and their data.

Top tips to help you spot phishing emails

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

  • Be suspicious of any urgent requests for personal or financial information
  • Be aware: Phishing scams are common at main instalment payment dates or connected to newsworthy events
  • Check that you’re using a secure website when submitting credit card or other sensitive information.
  • Prevention: Your email details may have been taken from a social networking site so avoid disclosing your email address or make sure you hide it on your page
  • Look for tell-tale signs of phishing: Check the quality of the communication. Misspelling, poor punctuation and bad grammar are often good indicators

Warning regarding Sci-Hub website and phishing attacks

Sci-Hub is an illegal website which poses serious security risks and should be avoided by University students and staff.
Police have warned against using websites, and Sci-Hub in particular, that allow users to illegally access scientific research papers.

Access to the Sci-Hub website will be blocked on campus, but it is important that students and staff do not access the site from home or off campus either.

“Sci-Hub obtains the papers through a variety of malicious means, such as the use of phishing emails to trick university staff and students into divulging their login credentials.
Sci Hub then use this to compromise the university’s network and download the research papers.”
The City of London Police’s Intellectual Property Crime Unit (PIPCU) press release

Phishing emails – ‘REFUND CONFIRMATION – Heriot-Watt University Student’

We have had reports of staff and students receiving phishing emails this afternoon. 

Some have the subject line ‘REFUND CONFIRMATION – Heriot-Watt University Student’ and a link to claim a tax refund. Some are requesting bank details for refunds.

Do NOT click on the link in the email 

If you think you have received a phishing email

  • DON’T click on any links
  • DON’T open any attachments
  • Forward the email to abuse@hw.ac.uk
  • Delete it

Top tips to help you spot phishing emails

  • Be suspicious of any urgent requests for personal or financial information
  • Be aware: Phishing scams are common at main instalment payment dates
  • Check that you’re using a secure website when submitting credit card or other sensitive information.
  • Prevention: Your email details may have been taken from a social networking site so avoid disclosing your email address or make sure you hide it on your page
  • Look for tell-tale signs of phishing: Check the quality of the communication. Misspelling, poor punctuation and bad grammar are often good indicators

Phishing emails – “Annual refund”

Phishing emails “Heriot-Watt University – Valuation Office Agency – Annual refund”

A high volume of phishing emails has been received by staff and students this afternoon. Some are requesting bank details for refunds, similar to the example below.

Do NOT click on the link in the email 

Phishing email example

If you think you have received a phishing email

  • DON’T click on any links
  • DON’T open any attachments
  • Forward the email to abuse@hw.ac.uk
  • Delete it

Top tips to help you spot phishing emails

  • Be suspicious of any urgent requests for personal or financial information
  • Be aware: Phishing scams are common at main instalment payment dates
  • Check that you’re using a secure website when submitting credit card or other sensitive information.
  • Prevention: Your email details may have been taken from a social networking site so avoid disclosing your email address or make sure you hide it on your page
  • Look for tell-tale signs of phishing: Check the quality of the communication. Misspelling, poor punctuation and bad grammar are often good indicators

Heriot-Watt secures Cyber Essentials Plus accreditation #InformationServices

We have recently been awarded Cyber Essentials Plus accreditation in information security following an audit by a Scottish Government approved assessment body, ID Cyber Solutions.

The UK government scheme, which is specifically designed for public sector organisations in the UK, is a globally recognised certification that serves as a kite mark for industries around the world and is increasingly becoming a requirement for research funders.

The certification covers the entire range of IT services provided within the university. It includes an assurance framework and a set of security controls to protect information from threats coming from the internet. Cyber Essentials Plus includes additional independent testing which requires an on-site technical assessment.

We achieved accreditation by the 31st October 2018 target date set out by the Scottish Government as part of its Cyber Resilience Strategy for Scotland, making us the largest Scottish university of our size and complexity to achieve the CE+ certification to date.

Kathy McCabe, Global Director of Information Services, labelled the certification “a huge achievement and an absolute credit to the teams involved”, saying it was the “culmination of many thousands of hours of work undertaken by an institution-wide team of dedicated colleagues.”

She added: “Receiving the certification is testament to our commitment to cyber security. It is also a demonstration of our commitment to continuous process improvement and safeguarding data. But more than that, it provides the necessary accreditation to access funding from a range of funders, a proactive step giving Heriot-Watt an advantage over other HEIs/competitors.”

Congratulations to everyone involved.

‘Payment submitted’ – spam and phishing emails

Phishing emails with ‘Payment submitted’ in the subject line, similar to those below, are doing the rounds. Please beware.

If you think you have received a phishing email

  • DON’T click on any links
  • DON’T open any attachments
  • Forward the email to abuse@hw.ac.uk
  • Delete it