In the past 18 months, successful cyber-attacks have crippled operations at over a dozen UK universities, the latest being the University of Sunderland in October.
In most of these incidents, the attackers have gained initial entry to systems through phishing campaigns, where increasingly convincing, fraudulent emails are used to capture passwords or other sensitive information from staff or students.
Considering the current, very high-risk level, the University has asked IT Services to conduct a phishing awareness exercise for all staff in the coming weeks.
This exercise will be in the form of a simulated phishing email, designed to raise awareness of some of the clues that an email may be a phishing attack and not a genuine correspondence.
If you click on and respond to the simulated phishing email, there will be no punitive repercussions. You will be told straight away what has happened and receive a request to take a brief online phishing training module.
Please remain vigilant for the signs of a phishing email, including:
- Messages from senders or email addresses that you do not recognise
- Messages containing links to websites that ask for passwords or other sensitive information, or to websites with addresses that you do not recognise.
More information on phishing and staying safe and secure online can be found on the IT Services webpages.