Multi Factor Authentication for Staff

Setting up Multi-Factor Authentication

1. Download the Microsoft Authenticator App to your mobile phone.
You can get the Microsoft Authenticator App for Apple iPhones here https://apps.apple.com/gb/app/microsoft-authenticator/id983156458
and for Android phones (e.g., Samsung/Google/Motorola/OnePlus/Huawei etc) https://play.google.com/store/apps/details?id=com.azure.authenticator

2.  Multi-Factor Authentication has been enabled on your account.
You will be prompted to set up MFA next time you authenticate to any Office 365 services. On your PC or laptop device, once you’ve entered your username and password as usual, you’ll see the following screen:

Click ‘Next’ and the Additional security verification screen will appear. In the drop-down box, select ‘Mobile App’ and ‘Receive notifications for verification’ as in the image below.

Now click ‘Set up’ – you’ll see the next screen:

3. On your mobile phone, start the Microsoft Authenticator App.

Once in the App, you need to:

  • Click on the 3 dots in the top right-hand corner of the screen
  • Click ‘Add account’
  • Select ‘Work or school account’
  • Select ‘Scan a QR code’
  • Allow any permissions for your app to use the phone camera
  • Scan the QR code on your screen using your phone. The account is now linked to your App.

4. On your PC, click ‘Next’ and you should see a message indicating that the App has been set up. You can then click ‘Next’ again. At this point you will be asked to respond to a pop-up notification on your phone from the Authenticator App. This is how you will be prompted every time you access your account on an unknown device.

Once the setup is complete, you’ll be prompted to enter a phone number. Please provide this: it will help if, for some reason, you lose access through the App. The phone number will not be used for marketing purposes.

Click ‘Finish’.  Your account is secured with Microsoft Multi-Factor Authentication. Nobody can access your HWU account without being in possession of your username, password, and – most importantly – your unlocked mobile phone.

Security issue – Android Device users Scam Alert

There have been widespread reports of a new scam affecting Android users called “Flubot”.

This is a text-message scam that infects Android phones and is spreading across the UK. The message, which pretends to be from a package delivery firm, prompts users to install a tracking app, which is actually a malicious piece of spyware.

Crucially, it can take over devices and spy on phones to gather confidential data, including things such as sensitive work information or online banking details.

It has been reported on BBC news https://www.bbc.co.uk/news/technology-56859091

If you receive a text message that looks like the one below:
IGNORE: Do not click any links.
DELETE: Remove the text from your phone.

Be vigilant for phishing and scam emails

We regularly receive reports from staff and students of suspicious emails, e.g. false vaccination appointments or bogus HMRC tax refunds.
These can appear very believable and sophisticated. Scammers sometimes take names from university or company websites and then create other email accounts so that the sender details look correct.

What to do:
If you think you have received a phishing email to your @hw.ac.uk account:

  • Do not click on any links
  • Do not open any attachments
  • Don’t reply to the message

Information Services Help:
To notify Information Services of a phishing email, or if you have concerns about whether an email is real or not, please forward it to phishing@hw.ac.uk and then delete it.

If you have received a phishing email, accidentally clicked the link in it and provided your university credentials (username and password), please send an email to ishelp.hw.ac.uk for assistance.

Accounts that are suspected to be compromised will be blocked automatically for security purposes. 
If your account has been blocked because of this, please send an email to ishelp.hw.ac.uk for assistance.

Information Services are constantly working to make systems, including email, as safe and secure as possible.
Planning is underway to implement Multi Factor Authentication for staff and then students, to improve the security of staff and students and their data.

Top tips to help you spot phishing emails

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

  • Be suspicious of any urgent requests for personal or financial information
  • Be aware: Phishing scams are common at main instalment payment dates or connected to newsworthy events
  • Check that you’re using a secure website when submitting credit card or other sensitive information.
  • Prevention: Your email details may have been taken from a social networking site so avoid disclosing your email address or make sure you hide it on your page
  • Look for tell-tale signs of phishing: Check the quality of the communication. Misspelling, poor punctuation and bad grammar are often good indicators

Warning regarding Sci-Hub website and phishing attacks

Sci-Hub is an illegal website which poses serious security risks and should be avoided by University students and staff.
Police have warned against using websites, and Sci-Hub in particular, that allow users to illegally access scientific research papers.

Access to the Sci-Hub website will be blocked on campus, but it is important that students and staff do not access the site from home or off campus.

“Sci-Hub obtains the papers through a variety of malicious means, such as the use of phishing emails to trick university staff and students into divulging their login credentials.
Sci-Hub then use this to compromise the university’s network and download the research papers”
The City of London Police’s Intellectual Property Crime Unit (PIPCU) press release

Phishing emails – ‘REFUND CONFIRMATION – Heriot-Watt University Student’

We have had reports of staff and students receiving phishing emails this afternoon. 

Some have a subject line of ‘REFUND CONFIRMATION – Heriot-Watt University Student’ and a link to claim a tax refund. Some are requesting bank details for refunds.

Do NOT click on the link in the email 

If you think you have received a phishing email

  • DON’T click on any links
  • DON’T open any attachments
  • Forward the email to abuse@hw.ac.uk
  • Delete it

Top tips to help you spot phishing emails

  • Be suspicious of any urgent requests for personal or financial information
  • Be aware: Phishing scams are common at main instalment payment dates
  • Check that you’re using a secure website when submitting credit card or other sensitive information.
  • Prevention: Your email details may have been taken from a social networking site so avoid disclosing your email address or make sure you hide it on your page
  • Look for tell-tale signs of phishing: Check the quality of the communication. Misspelling, poor punctuation and bad grammar are often good indicators

Phishing emails – “Annual refund”

Phishing emails “Heriot-Watt University – Valuation Office Agency – Annual refund”

A high volume of phishing emails have been received by staff and students this afternoon.  Some are requesting bank details for refunds similar to the example below.

Do NOT click on the link in the email 

Phishing email example

If you think you have received a phishing email

  • DON’T click on any links
  • DON’T open any attachments
  • Forward the email to abuse@hw.ac.uk
  • Delete it

Top tips to help you spot phishing emails

  • Be suspicious of any urgent requests for personal or financial information
  • Be aware: Phishing scams are common at main instalment payment dates
  • Check that you’re using a secure website when submitting credit card or other sensitive information.
  • Prevention: Your email details may have been taken from a social networking site so avoid disclosing your email address or make sure you hide it on your page
  • Look for tell-tale signs of phishing: Check the quality of the communication. Misspelling, poor punctuation and bad grammar are often good indicators

Heriot-Watt secures Cyber Essentials Plus accreditation #InformationServices

We have recently been awarded Cyber Essentials Plus accreditation in information security following an audit by a Scottish Government approved assessment body, ID Cyber Solutions.

The UK government scheme, which is specifically designed for public sector organisations in the UK, is a globally recognised certification that serves as a kite mark for industries around the world and is increasingly becoming a requirement for research funders.

The certification covers the entire range of IT services provided within the university. It includes an assurance framework and a set of security controls to protect information from threats coming from the internet. Cyber Essentials Plus includes additional independent testing which requires an on-site technical assessment.

We achieved accreditation by the 31st October 2018 target date set out by the Scottish Government as part of its Cyber Resilience Strategy for Scotland, making Heriot-Watt the largest Scottish university of its size and complexity to achieve the CE+ certification to date.

Kathy McCabe, Global Director of Information Services, labelled the certification “a huge achievement and an absolute credit to the teams involved”, saying it was the “culmination of many thousands of hours of work undertaken by an institution-wide team of dedicated colleagues.”

She added: “Receiving the certification is testament to our commitment to cyber security. It is also a demonstration of our commitment to continuous process improvement and safeguarding data. But more than that, it provides the necessary accreditation to access funding from a range of funders, a proactive step giving Heriot-Watt an advantage over other HEIs/competitors.”

Congratulations to everyone involved.

‘Payment submitted’ – spam and phishing emails

Phishing emails with ‘Payment submitted’ in the subject line, similar to those below, are doing the rounds – please beware.

If you think you have received a phishing email

  • DON’T click on any links
  • DON’T open any attachments
  • Forward the email to abuse@hw.ac.uk
  • Delete it