IT Security – reporting procedures

• If possible, forward the email as an attachment to preserve all the original information to phishing@lboro.ac.uk; if you are unsure how to do this contact IT Service Desk
• If you have responded to the scam or login were passed on please provide further details
• Have you changed your password? If you have given your login details to a suspected phishing site, change your password right away.  Also, if you used the same details for other sites to change them as well

• Was there any personal, sensitive or confidential data on the server?
• Is there evidence of data being extracted from the server? Please provide details
• Have any suspicious files or scripts been found on the server? Please provide details
• Are there any local accounts on the server with weak credentials, have they now been changed?
• Attach or forward specific parts of the log files which highlight the attacker details that could assist to investigate further e.g. IP address of who is trying or has attacked the server, dates and times, ports used.

You must fill in the "Reporting a lost or stolen University laptop form" as soon as possible which is available on the Data privacy and information security website, please see link below.

Once filled in it should be forwarded to IT Services.

• Did you click on a link or download software? If so, please provide details
• Have you seen any unusual activity on the PC since for example a modified desktop background or random popup
• Are any files stored either on your local hard drive, shared network drives or external hard drives now inaccessible
• Do you have an up to date data back up? This would need to be restored after a re-installation of the Operating System if the infection has corrupted the data

• Provide the exact link to the webpage and if you know who owns the page
• Was any personal or confidential data submitted on the page
• Do you know if the site hosted at University or in the cloud/external company

Webpage owner can request security certification - SSL Certificates - which can be installed on the server to secure data transfer using encrypted https.

• What was the first point of contact? For example email, phone call, text
• Did you give any login details to the scammer or allow anyone to connect to your PC remotely
• Has there been any unusual activity on your machine

• What information was breached, to whom and how
• Confirm the classification of data by referring to information governance, policy3 - Responsibilities of All Staff and Doctoral Researchers (link below)
• Has anyone been informed about the breach
• If the data was on USB pen or external hard drive, was it encrypted and/or the files password protected