When Things Go Wrong

To report any Cyber Security incident relating to any university systems, services or devices, please contact the IT Service Desk immediately on 01228 888888 or via the IT Service Desk Web Portal.

Activities commonly recognised as cyber incidents are:

• attempts to gain unauthorised access to a system and/or to data

• the unauthorised use of systems and/or data

• modification of a system's firmware, software or hardware without the system-owner's consent

• malicious disruption and/or denial of service

Staff:

If you suspect a personal data breach please follow the Data Breach guidance available on SharePoint. Further information regarding data protection can be found on the GDPR page within StaffHub. (These links require a staff login)

University password

If you suspect that someone else knows your university password, you must take the following actions:

• Change your university password immediately (Password Reset Service).
• Contact the IT Service Desk.
• Check your email Sent Items (for emails you didn't send).
• Check your library account in OneSearch (to make sure no-one has checked out items in your name).

Students: Additional checks you can do are things like ICON (make sure your personal details haven't been altered), print credit (to see if anyone has been printing your documents or personal information) and Blackboard (for any unusual activity).

Staff: Check all university systems (staff login required) for any unusual activity.

Personal passwords

If you suspect that someone knows one or more of your personal passwords, you should take the following actions:

• Change the password for all affected services.
• Contact the service provider.
• Check that service for any unusual activity (check for social media posts, sent emails, financial transactions, etc.).
• If you have use the same password for multiple services, then you will need to change the password for all those services.
• If you have used the same password for university systems - see the advice above.

Password Security

See the Password Security section, of this site, for password best practice and to help you create secure new passwords.

We have seen an increase, this year, of spam and phishing emails being sent from student university email accounts. These emails follow a very similar format and include:

• A message that declares some urgency
• A document for you to review
• A link for you to click

These emails have been sent by bots or hackers (see Glossary) who have compromised the student email account(s) and are trying to gain access to your account, so they can send more emails.

Our IT boffins have been working hard to eliminate these emails before they happen, but occassionally they still get through.

If you receive on of these emails from a University of Cumbria account, then you need to forward the entire email as an attachment to spam@cumbria.ac.uk:

Forwarding mail as an attachment

Outlook (desktop version)

• Start a new email and address it to spam@cumbria.ac.uk
• In the ribbon menu - select Attach Item
• Select Outlook Item and a window will popup showing your Inbox items
• Select the offending email from the popup window
• Send the email
• Delete the original offending email
• Delete the original offending email from your Deleted Items folder

Outlook (web version)

• Start a +New Email and address it to spam@cumbria.ac.uk
• With your new message open drag the offending email into the body of your new message
• Send the email
• Delete the original offending email
• Delete the original offending email from your Deleted Items folder

Outlook (app)

There is not currently an easy way to do this from the Outlook App. Please go to a web browser or the desktop version to complete this. 

Personal email account

If you have receive one or more of these emails into a personal account, you should still forward it (as an attachment) to spam@cumbria.ac.uk.

The instructions for Outlook (web version) will work will all modern email services including: Gmail, iCloud, Hotmail, GMX, Zoho, etc.

Email and Mobile Security

It is very important that all users understand the risks associated with Email Security and Mobile Security.

If your account has been hacked or you have been the victim of a phishing attack, then the main way for cyber criminals to recruit more email accounts is to send out phishing emails from compromised accounts.

This is usually achieved by setting some "rules" in your email account e.g.

1. Forward any mail from the hacker's email address to everyone in your address book

2. Delete any mail from the hacker's email address

3. Delete everything in the sent mail folder

This means that whenever you receive an email from the hacker - it is forwarded to all of your contacts, it then deletes itself so you never know it arrived and then it deletes all Sent mail so you don't know that any messages have been sent from your account.

See the Email Security page and "I think I'm the victim of a phishing attack" below.

University email account

If your university email account has sent out any emails that you didn't create or your Sent Items folder is unexpectedly empty - you should contact the IT Service Desk immediately on 01228 888888 or via the IT Service Desk Web Portal. They will advise you on the next steps to take, including resetting your account password and deleting any rules that have been created for forwarding/deleting/filing emails.

If you can identify the original phishing email, then also follow the instructions in "I think I'm the victim of a phishing attack" below".

Personal email account

If your personal email account has sent out any emails that you didn't create, then there are a few things you should do:

• Change your account password, just to be safe.
• Review any mail rules that have been created in your account (you can delete them all and recreate any that were genuine).
• Contact your service provider to inform them of the issue.
• Contact the IT Service Desk to let them know you have fixed the problem with your personal account (this will make them aware that your account is no longer compromised and it can probably be declared as a safe email for sending and receiving via the university network).

See Email Security and How IT Works for more information and examples of phishing, but if you believe you are a victim there are some things you can do now.

University Email

If the phishing email arrived into your university email account - contact the IT Service Desk to explain what has happened. They will be able to advise on the next steps you need to take, including the resetting of passwords and checking any potentially compromised systems.

You will also need to follow the instructions for "I have received strange emails from other UoC users" (above).

If during the phishing attack you were directed to login to a website, then you will need to change the password for that site and contact the service provider.

Personal Email

If the phishing email arrived into your personal email account - contact the service provider and they will be able to advise on the next steps you need to take, including the resetting of passwords.

If during the phishing attack you were directed to login to a website, then you will need to change the password for that site and contact that service provider.

University Device

If the phishing attack happened when using a university device (laptop / Surface / PC / Mac / smartphone) - switch off the device and contact the IT Service Desk on 01228 888888 or or via the IT Service Desk Web Portal. 

Personal Device

If the phishing attack happened when using a personal device -  disconnect the device from any network (wired or wi-fi) and run your antivirus software. If you do not currently have any antivirus software, then begin by downloading, installing and running MalewareBytes - the free version is OK for now and it should pick up most issues that malware can cause to your device.

If you are not confident in fixing issues yourself - seek professional advice.

University or Personal Accounts and Passwords

If your think that that your university or personal accounts have been compromised, or that you may have entered your password in a fake site - follow the advice given above in "You think someone else knows your password".

If you have been the victim of ransomware (see "My computer says a must pay a fine or a ransom" on the How IT Works page for more information), then you must resign yourself to the fact that all of the data stored on that device is lost.

You must NEVER pay any fine or ransom associated with the ransomware - this money goes to criminals and you will never get your files back anyway.

University Devices

You must shutdown the device immediately and disconnect it from any wired network connect (pull the cable from either the wall or the back of the device).

With the device switched off - contact the IT Service Desk on 01228 888888.

Do NOT switch the device back on - IT will deal with it.

Personal Devices

• Disconnect the device from any wired network
• Take a photograph of the ransom message using another device
• Shut down the device and do not switch it back on
• Seek professional advice from a trustworthy source
• Do NOT pay the ransom demand.

You should report this incident directly to Action Fraud (http://www.actionfraud.police.uk/) via their online reporting tool or telephone: 0300 123 2040. Action Fraud are the National Fraud and Cyber Recording Centre.