The University is launching an awareness campaign to warn staff and students about cybercrime following increased attempts to secure personal data via email.
Cybercriminals are constantly adapting the channels and tactics used to target users, meaning that individuals are more likely to become a victim of cybercrime than any other crime in the UK (Office for National Statistics).
Last year the Computing Services Department blocked around 115,000,000 suspicious emails from our mailboxes but the University also relies on staff and students being vigilant to the risks posed online and aware of how to spot a suspicious email.
Phishing
The practice of attempting to secure personal data such as passwords, via email, is commonly known as ‘phishing’. Examples include emails that seem to come from a trusted source – such as Her Majesty’s Revenue and Customs (HMRC), or even a department within the University itself. Malicious emails sent to students, purporting to be from the Student Loans Company, are especially common at this time of year.
The emails often request personal information but malicious email attachments are also used to infect the user’s computer and source personal information once the user has clicked on the attachment.
Accounts and bank details
John Cartwright, Director of Computing Services, says: “A legitimate email would never request your username and password – even if came from the University. If you see an email request for this information, do not provide it under any circumstances.”
He added: “We are increasingly seeing emails which aim to get users to provide their username and password in order to gain access to their University accounts and bank details.
“It is really important that users remain vigilant. Don’t click links from unusual or unexpected emails and if any email asks for personal or financial information, question it.”
Awareness campaign
The University’s awareness campaign will educate users in how to protect themselves online both at University and at home.
The Computing Services team has also produced a series of hints and tips to prevent the chance of staff and students falling victim to phishing:
*Don’t be tempted to ‘click this link’. It may be going to a fake website where the details you use to log in to it will be captured; or one that will infect your computer with a virus. Hover your mouse over the link in an email to see the actual web address – it may well be different from the visible text that you can see in the email. This can give you a clue that the email is not genuine.
*Never give out your personal information. No legitimate organisation will ask for your personal details by email – and that includes your bank account, PIN, passwords, or contact details.
*If in doubt, do not use the link in the email. Visit the main homepage of the organisation instead or contact them on the phone number that is advertised on their main website. If the enquiry or issue is genuine there will be information available on the website or via the telephone contact.
*Don’t open attachments from people you don’t know or if you’re not expecting them. Do not open these, even if they seem to be from your bank, the government, or a reputable company (eg the Royal Mail, ebay or Amazon). They rarely send attachments.
*Be aware of common phrases which can help you identify a phishing email. Look out for phrases such as ‘verify your account’ or ‘if you don’t respond within xx hours your account will be closed’.
*If in doubt, don’t do anything. If you aren’t sure about what to do then don’t do anything; do not open attachments or follow any links. Get in touch with the Computing Services Department Service Desk for advice about whether the email is malicious or not.
Help and support
The Computing Services Department Service Desk is here to help. If you receive any emails that seem suspicious, simply report the email and you will be advised whether the email is malicious or otherwise.
You can also submit your query by email to servicedesk@liverpool.ac.uk and it will be logged automatically. The Service Desk online chat facility is also available from Monday to Friday, 9am-5pm.