29 Jan 2020
Phishing campaign
As you will have seen today (29 January 2020), IT Services conducted a simulated phishing campaign within the University with the subject ‘From the Chief Operating Officer: Travel Survey’.
This exercise is an important component of our work to give assurance on matters of IT Security. The purpose was to raise staff awareness around the serious risks which could lead on from a successful phishing campaign against the University.
The simulated phishing email you received today incorporated the many mistakes which are seen in today’s real phishing emails but was relatively unsophisticated in comparison to many real attacks the University and sector has experienced recently. You may be familiar with a recent attack on Lancaster University which saw 12,500 UCAS records stolen: https://www.bbc.co.uk/news/uk-england-lancashire-49081056.
Your usernames and passwords are the key defence against securing access to personal and sensitive University data. The security around remote working has further been enhanced with the introduction of Multi Factor Authentication which is being rolled out across campus.
For further information about how to spot phishing emails: https://www.lboro.ac.uk/services/it/student/security/phishing/
For details on how to report a phishing email to IT Services: https://www.lboro.ac.uk/data-privacy/iwantto/reportaphishingattack/