Cybersecurity

Phishing and malware received through email is one of the most common information security threats faced by the University. Nobody is immune from these threats.

From week commencing 8 July, the London Met IT department will be adding some extra information to most emails sent and received from senders not using a London Met email address.

This extra information will appear at the start of external emails and will offer some information to help you assess if the email is a possible security threat or not. This kind of email tagging is becoming more common so some of you may have encountered it at other institutions. IT is adopting this change to support and increase personal privacy and organisational cybersecurity.

If you feel a partner institution or system should not be included in this, please log a ticket with IT and someone will be in touch to discuss this with you. Please note personal, individual email addresses will not be whitelisted.

If you have any questions please contact David Zilberberg, Head of Cyber Security (d.zilberberg@londonmet.ac.uk) or Liz McNaughton, Head of Service Management, (e.mcnaughton@londonmet.ac.uk).

For any Cyber Security issues or questions, please email cybersecurity@londonmet.ac.uk quoting your ticket reference number.

Boxphish cybersecurity training - new modules available!

Cyber crime and scamming is currently at an all time high. It is vital to the safety of both you and the University that we know how to spot such attacks.

To help with this, Cybersecurity training is available to all students as part of your studies. The training is provided by cybersecurity specialists Boxphish and comes in bitesize training modules that take about 5 minutes to complete. Each module focuses on a different cybersecurity risk area and the feedback we've received so far has been really positive:

"Immediately after completing the training, I reset my social media privacy settings, and intend to use different passwords for different accounts to prevent all my accounts from being logged into in a case of hacking."

"(I will) take cyber world more seriously…I didn’t think it was important until now."

You will find the Boxphish modules in your school weblearn organisation:

AAD 'Cybersecurity Quiz' folder in AAD Academic Support Organisation on Weblearn
SCDM School of Computing and Digital Media Weblearn organisation > Boxphish cybersecurity training > Cybersecurity awareness
SHSC Weblearn organisation > Cyber Security Training
SSSP School Weblearn organisation > Learning Materials folder
GSBL Citizenship Weblearn (The London Met Passport) organisation

What is phishing?

Phishing is a type of online identity theft usually, claiming to be from an organisation that you may trust, that uses email and fraudulent websites to trick you into sharing your information such as credit card numbers, passwords, account data or other valuable information.

Spam is unwanted, junk email, typically sent to large numbers of people, for the purposes of advertising, phishing, spreading malware, etc.

How to spot phishing

Email fraud that targets university staff and students is on the rise. It is becoming increasingly sophisticated and hard to identify.

We have systems in place to limit how many fraudulent emails get through and to minimise the impact where possible. However, some emails will always get through, so it is vital that you remain alert to potential threats and take responsibility for the security of your University computing and email accounts.

Below are some tips for spotting phishing attempts and email scams.

Be wary of emails that ask you to validate or verify your account.
Phishing emails tend to be poorly written and may include spelling mistakes and odd formatting.
Look out for emails that have a sense of urgency and imply you might lose access to your account or those with threatening tone and content.
They may appear to be from someone you know or an official source at the University.
Be wary of links in emails. Is the destination the same as the link you see? Try hovering over the link to check.
The email starts with an unusual or generic greeting such as ‘Dear valued customer’.
A fraudulent email may contain attachments, which could include .exe files.
A request for personal information such as your username, password or student loan details. The University will never ask you for a username or password.
Remember, if it seems too good to be true, it probably is.

What action should you take?

Never respond to emails that ask for your password or other sensitive information.
Never click on or open suspicious links or attachments.
If you're taken to a login page or website, never attempt to log in or enter your personal information.
If it appears to be from someone you know contact the original sender by telephone or create a new email to ask them if the email is genuine.

I think I have fallen for a phishing scam, what do I do?

If you or anyone you know falls for a phishing scam, you should:

Report to your bank immediately if any bank details are involved
Change your University account password using Password Manager
Contact the IT Self Service Portal
Email cybersecurity@londonmet.ac.uk quoting your ticket reference number.
Follow our advice to protect your account:

What to do if your account has been compromised or hacked.

Cybersecurity Hub

In the case of a major cyber incident, the university's web pages and systems may be not be accessible. Staff and students can now visit our externally hosted CyberSecurity Hub in this instance, where up to date information will be shared. Please save the url in your favourites for reference in case of any emergency.

Top Tips for Staying Safe

As part of Cybersecurity Awareness Week we spoke to researchers from London Met's Cyber Security Research Centre and asked them to provide expert advice for students and staff around cybersecurity.

Coursework reassessment information

Important - please read

On Campus

Read your latest student newsletter - new edition out now!