IT systems have become more secure by design over the years and are protected by both the university security mechanisms but also by partner organisations. Technical security will continue to be a priority for all of our systems however the weakest security link in IT systems is now often the user.
Over the last few years these social engineering attacks have become more sophisticated and can take the form of emails, instant messages, voice calls or occasionally in person. There are many variations but often rely on the user believing they are talking to a person in IT, the Police, their bank, Microsoft, Apple, or a senior manager.
Who sent me this message?
Have you received a message from a person you have never heard of? Are they offering something or asking for something from you? It may be a genuine email, but if you are not expecting it and don't know the sender then you should be suspicious.
Be aware
It is not always easy to see exactly who has sent the email. A message that appears to come from bob.jones@cumbria.ac.uk may have been "spoofed" and has actually come from eorhuo@fhry4738.cn.
On a desktop/laptop and in a web browser, it is often possible to look at the message properties to see the real sender (View Message Details in Outlook), but this is much harder when using email on your mobile device.
|
If you are in any doubt about the authenticity of an email from a company, institution or authority - then contact them by phone to check that they sent the message.
|
Links in Emails
Be suspicious! Links in unsolicited emails (SPAM) will often be an attempt at financial or identity theft (see Phishing below), a hacking attack where clicking on the link gives a criminal access to your computer or a virus that is designed to damage or lock you out of your computer (ransomware).
Most email programs and systems will weed out these kinds of emails, but some will always get through.
|
DON'T CLICK LINKS in emails, unless you know what it is and you were already expecting it.
|
The University of Cumbria email service uses the SafeLinks system which should weed out almost all suspect links, but if you have received a suspicious email that contains one or more links then you should take the following actions:
University email account: DON'T CLICK THE LINK(S). Forward the whole email as an attachment to spam@cumbria.ac.uk and then DELETE it.
Personal email account: DON'T CLICK THE LINK(S). Mark the message as SPAM and your service provider will take care of it.
If you have clicked on a suspicious link in an email - see our Disaster Strikes page for more information.
Email Attachments
Be suspicious! Attachments in unsolicited emails (SPAM) can be very dangerous to both the computer you are using and any network it is attached to. Just like a suspect link they can load software and viruses onto your device, but because you have invited them to download onto your computer - they can do much more damage.
Most email programs and systems will weed out these kinds of emails, but some will always get through.
|
NEVER OPEN ATTACHMENTS in emails, unless you know what it is and you were already expecting it.
|
Email service providers will either remove or warn you about suspect attachments, but they learn from previous messages. This means that a brand new type of attachment or virus can occassionally get through. If you have received a suspicious email that contains one or more attachments then you should take the following actions:
University email account: DON'T OPEN ATTACHMENTS. Forward the whole email as an attachment to spam@cumbria.ac.uk and then DELETE it.
Personal email account: DON'T OPEN ATTACHMENTS. Mark the message as SPAM and your service provider will take care of it.
If you have opened a suspicious attachment in an email - see our page for more information.