
Unless you are visiting unsavoury sites or downloading illegal content, you are most likely to get hacked or receive a virus through your email account. This might be through an infected attachment or by clicking on a link (see Phishing below), but unless you understand the basic problem, you remain vulnerable to attack.

  • ☑ Email Security Summary - Top Tips

    Further explanation is provided on this page, but you must follow these rules to stay safe and secure when using email:

    1. Choose a SECURE (hard to guess) password.

    2. IF IT SEEMS TOO GOOD TO BE TRUE - IT IS!

    3. ONLY use your university email address for university business.

    4. NEVER click on links in emails you weren't expecting or where you don't know the sender.

    5. NEVER open attachments in emails you weren't expecting or where you don't know the sender.

    6. Check your email account for anything suspicious - sent emails, sending & receiving rules and replies to emails you never sent.

    7. If you think someone else has accessed your university email account - change your password immediately AND contact the IT Service Desk.

    8. If you think someone else has accessed one of your personal email accounts - change the password immediately and contact the service provider.

    9. Always remember: IF IT SEEMS TOO GOOD TO BE TRUE - IT IS!

  • Email Security - Essentials

    IT systems have become more secure by design over the years and are protected both by the university's security mechanisms and by partner organisations. Technical security will continue to be a priority for all of our systems; however, the weakest security link in IT systems is now often the user.

    Over the last few years, social engineering attacks, which target the user rather than the technology, have become more sophisticated and can take the form of emails, instant messages, voice calls or occasionally contact in person. There are many variations, but they often rely on the user believing they are talking to a person in IT, the Police, their bank, Microsoft, Apple, or a senior manager.

    Who sent me this message?

    Have you received a message from a person you have never heard of? Are they offering something or asking for something from you? It may be a genuine email, but if you are not expecting it and don't know the sender then you should be suspicious.

    Be aware

    It is not always easy to see exactly who has sent the email. A message that appears to come from bob.jones@cumbria.ac.uk may have been "spoofed" and may actually have come from eorhuo@fhry4738.cn.

    On a desktop/laptop and in a web browser, it is often possible to look at the message properties to see the real sender (View Message Details in Outlook), but this is much harder when using email on your mobile device.


    If you are in any doubt about the authenticity of an email from a company, institution or authority - then contact them by phone to check that they sent the message.
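The mismatch described under "Be aware" can be seen in the raw message headers that "View Message Details" exposes. The following is an added example, not part of the original page: it compares the visible From address with the Return-Path and the receiving server's DMARC result. The sample message and the server name mx.example.net are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the visible From claims cumbria.ac.uk, but the envelope
# sender (Return-Path) and the DMARC result recorded on receipt disagree.
SAMPLE = """\
Return-Path: <eorhuo@fhry4738.cn>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=fhry4738.cn; dmarc=fail header.from=cumbria.ac.uk
From: "Bob Jones" <bob.jones@cumbria.ac.uk>
To: student@cumbria.ac.uk
Subject: Urgent: confirm your account

Please confirm your details.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower()

def sender_findings(raw_message):
    """List reasons the visible From address should not be taken at face value."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    path_dom = domain_of(msg["Return-Path"])
    findings = []
    if path_dom and path_dom != from_dom:
        findings.append(
            f"From domain {from_dom} differs from Return-Path domain {path_dom}")
    # Only trust Authentication-Results added by your own receiving server.
    for result in msg.get_all("Authentication-Results", []):
        for part in result.lower().split(";"):
            part = part.strip()
            if part.startswith("dmarc=") and not part.startswith("dmarc=pass"):
                findings.append("DMARC did not pass: " + part)
    return findings
```

A Return-Path mismatch on its own also occurs with legitimate bulk-mail services, so treat it as a prompt to look closer; a failed DMARC result for the From domain is the stronger signal.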

    Links in Emails

    Be suspicious! Links in unsolicited emails (SPAM) will often be an attempt at financial or identity theft (see Phishing below), a hacking attack where clicking on the link gives a criminal access to your computer or a virus that is designed to damage or lock you out of your computer (ransomware).

    Most email programs and systems will weed out these kinds of emails, but some will always get through.

    DON'T CLICK LINKS in emails, unless you know what they are and you were already expecting them.

    The University of Cumbria email service uses the SafeLinks system which should weed out almost all suspect links, but if you have received a suspicious email that contains one or more links then you should take the following actions:

    University email account: DON'T CLICK THE LINK(S). Forward the whole email as an attachment to spam@cumbria.ac.uk and then DELETE it.

    Personal email account: DON'T CLICK THE LINK(S). Mark the message as SPAM and your service provider will take care of it.

    If you have clicked on a suspicious link in an email - see our Disaster Strikes page for more information.

    Email Attachments

    Be suspicious! Attachments in unsolicited emails (SPAM) can be very dangerous to both the computer you are using and any network it is attached to. Just like a suspect link they can load software and viruses onto your device, but because you have invited them to download onto your computer - they can do much more damage.

    Most email programs and systems will weed out these kinds of emails, but some will always get through.

    NEVER OPEN ATTACHMENTS in emails, unless you know what they are and you were already expecting them.

    Email service providers will either remove or warn you about suspect attachments, but they learn from previous messages. This means that a brand new type of attachment or virus can occasionally get through. If you have received a suspicious email that contains one or more attachments then you should take the following actions:

    University email account: DON'T OPEN ATTACHMENTS. Forward the whole email as an attachment to spam@cumbria.ac.uk and then DELETE it.

    Personal email account: DON'T OPEN ATTACHMENTS. Mark the message as SPAM and your service provider will take care of it.

    If you have opened a suspicious attachment in an email - see our  page for more information.

  • Check your email account

    If you have been hacked or have received an infected or malicious email, you may not necessarily be aware of it. Your email account can be hijacked by a bot (malicious software) that sends out mail, changes rules and/or deletes existing files, attachments and emails.

    There are some clues you can check for that suggest this has happened to your account:

    • Have you logged into your email account and found that your inbox is unexpectedly empty?

    This could be an error or temporary fault with your email provider, but you should try viewing your mail on another device or logging out and then back in again. If the problem persists, contact the IT Service Desk for university accounts or your email service provider for other accounts.

    • Have you stopped receiving new emails?

    This could be an error or temporary fault with your email provider, but you should try viewing your mail on another device or logging out and then back in again. You can also try sending yourself a new email to see if it arrives. If the problem persists, contact the IT Service Desk for university accounts or your email service provider for other accounts.

    • Does your Sent email folder list emails that you have not sent?

    This suggests that your account has been hacked. Change your password immediately, log out and then contact the IT Service Desk for university accounts or your email service provider for other accounts.

    • Is your Sent email folder completely empty, but you didn't empty it?

    This could be an error or temporary fault with your email provider, but you should try viewing your mail on another device or logging out and then back in again. Send yourself an email to see if it arrives AND appears in your Sent email folder. If your sent email appears, but your missing sent emails do not return, then you may have been hacked. Contact the IT Service Desk for university accounts or your email service provider for other accounts.

    • Has a friend, colleague, tutor or other contact, asked you why you've sent them a strange email (often containing offers, warnings, job offers or links to "must see" content)?

    If you didn't send them the email, then you have probably been hacked. Change your password immediately, log out and then contact the IT Service Desk for university accounts or your email service provider for other accounts.

    • Check your email sending and receiving rules.

    You may never have viewed or set any email rules for your account(s), but a hacker may have created some.

    This can include things like:
    ♦ Send a copy of all sent email to the hacker's email address.
    ♦ Send a copy of all received email to the hacker's email address.
    ♦ Automatically delete all emails received from IT Services.

    Send and receive rules are usually located in Settings in your email account and you should check them regularly. If you find anything strange - change your password immediately, delete the rules and then contact the IT Service Desk for university accounts or your email service provider for other accounts.
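The rule patterns listed above can also be checked mechanically when rules are exported for review. The following is an added example, not part of the original page: the rule format and its field names are hypothetical, and the sample rules are constructed.

```python
# Hypothetical rule export: the field names are assumptions made for this
# example, not any mail provider's real schema. The data is constructed.
SAMPLE_RULES = [
    {"name": "Newsletters", "from_contains": "news@", "move_to": "Reading"},
    {"name": ".", "from_contains": "", "forward_to": "eorhuo@fhry4738.cn"},
    {"name": "..", "from_contains": "IT Service", "delete": True},
    {"name": "Team copy", "from_contains": "",
     "forward_to": "bob.jones@cumbria.ac.uk"},
]

def audit_rules(rules, own_domain, protected_senders):
    """Return (rule name, reason) for rules matching the patterns listed above."""
    findings = []
    own = "@" + own_domain.lower()
    for rule in rules:
        # Pattern 1: mail is copied to an address outside the organisation.
        target = rule.get("forward_to", "").lower()
        if target and not target.endswith(own):
            findings.append((rule["name"], "forwards mail outside " + own_domain))
        # Pattern 2: mail is deleted unconditionally, or when it comes from
        # a sender the user should always see (for example IT Services).
        if rule.get("delete"):
            match = rule.get("from_contains", "").lower()
            hides_protected = any(match in s.lower() for s in protected_senders)
            if not match or hides_protected:
                findings.append(
                    (rule["name"], "deletes mail from a protected sender"))
    return findings
```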

  • Phishing

    "Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. The information is then used to access important accounts and can result in identity theft and financial loss." (http://www.phishing.org/what-is-phishing | 2018)

    Be suspicious of any email or communication (including text messages, social media posts and adverts) with urgent requests for personal information.

    Phishers typically include upsetting or exciting (but false) statements to get people to hand over their usernames, passwords, credit card numbers, date of birth and other personal information.

    Avoid clicking on links. Instead, go to the website by typing the Web address directly into your browser or by searching for it in a search engine. Calling the company to verify its legitimacy is also an option.

    Pay attention to the website you are being directed to and hover over URLs. An email that appears to be from PayPal could direct you to a website that is instead "http://wwwpaypal.com" or "http://www.paypal.com.et583.pw/login.htm".

    Don’t send personal financial information via email, and avoid filling out forms in emails that ask for your information.

    You should only communicate information such as credit card numbers or account information via a secure website or telephone.

    Secure Websites

    Only use a secure website when submitting financial or other sensitive information online.

    How can I tell if a website is secure?

    Every secure website will display two things in your web browser address bar: a LOCK symbol and a web address beginning with HTTPS.

    [Image: secure site address bar]

    Different web browsers will display the LOCK in slightly different ways (some may colour it green), but if you click on the lock you will be given more information:

    [Image: secure site certificate]

    It's a great offer

    Do NOT fall for whatever deal or bargain you are being offered. Check out similar deals and offers from suppliers that you have heard of and if the offer is too good - then it is a scam and criminals are trying to get your bank details.

    iPhone or iPad for less than half price? Apple doesn't allow those kinds of discounts or "selling-off" of overstock. SCAM

    Latest Xbox games for £5? Are these stolen goods? Or just a SCAM?

    Qualified for a bursary that you didn't apply for? Money does not usually just drop out of the sky! Contact the university Money Advice Service for information about bursaries. SCAM

    Holiday of a lifetime for £250? SCAM


    If it is too good to be true - then it usually is!
