Security best practice
Scam emails / Phishing
What is Phishing?
Phishing uses email and/or fake websites to collect personal and financial information or to infect your devices with malicious viruses. The emails pretend to be from a genuine company or someone you know and usually claim that you need to click a link in the email, eg to 'update' or 'verify' account information. The link may lead to a website that looks genuine but is in fact bogus. Information you enter on the site will be collected by the fraudsters and can be used to commit fraud.
How to identify a phishing email:
- The 'from' name is someone you recognise but if you hover your cursor over it the email address that appears is not the genuine address.
- The email may address you in vague terms because the fraudsters don't know your name, eg 'Dear Customer'.
- There may be grammar and spelling mistakes, and odd formatting.
- Such emails usually contain incorrect or fake contact information.
What can you do?
- Be suspicious of unexpected emails asking you to click a link and input personal data. The email address the message appears to be from might not be genuine.
- If the email appears to be from your bank or a company with whom you make financial transactions, never click on a link in the email. Find the company's genuine URL and type it into the browser yourself.
- Never provide sensitive information over email nor respond to one that asks you for such. A bank will never contact you by email to ask you to enter your password or any other sensitive information by clicking on a link and visiting a website.
- Never open, run and or save any attachments from suspicious emails that are sent to you from unknown senders.
- Ensure your device has the latest security software updates installed and your anti-virus software is up-to-date.
- If you think you’re a victim of cybercrime, change your passwords and PIN on all accounts that you think might be compromised. Contact your bank immediately and visit the Action Fraud website where you can report a cyber crime and obtain a police reference number. You can also use the Action Fraud website to report an attempted scam message.
The following external websites give comprehensive advice on phishing and other types of fraud:
A good password is both easy for you to remember and hard for others to figure out. A strong password contains upper and lowercase letters, along with symbols and numbers. Or more recent advice is to use three random words.
Do and Don’t when creating a strong password:
- both upper and lowercase letters
- numeric and special characters
- at least 8 characters in length (the more the better but it should also be memorable)
- a unique password every time
- the word 'password'
- a form or derivative of your current login (such as writing it in reverse or capitalising it)
- your name as your password
- a word found in any dictionary
- the same password as another account
More information can be found on the internet, for example: The Ultimate Guide for Creating Strong Passwords.
Please remember: London Met staff will never ask you to reveal your password by email, in person or on the phone.
Anti-virus Best Practice and free anti-virus software
Individual's responsibilities using University systems on campus
All students are responsible for taking suitable measures to protect against virus infection. Failure to do so may constitute an infringement of the University’s regulations governing the use of computing facilities.
A user who allows their computer to become infected puts at risk their own work and other people’s systems and data.
- A memory resident virus detector must be installed if available.
- Students using the University's computers should adopt the following ‘best practice’ at all times:
- Exercise extreme caution when opening attachments and check for viruses before opening.
- Exercise caution when copying files. Only download from reputable sites and carry out a virus check on the file.
- Exercise caution when opening files from removable media such as USB memory sticks or CD-ROMs.
- Scan all external media for viruses before using.
- Report any virus found to the ICT Helpdesk or to the computer staff in the department. Provide the following information if known: virus name, extent of infection, source of virus and potential recipients of infected material.
- If possible, warn people to whom the virus may have been sent. Include the name of the virus in the warning if at all possible.
- Students who are authorised to attach their own computer to the University network must ensure that their computer has virus protection which complies with the standards set out in this policy.
Using computers at home
- When using home computers to access University resources remotely it is recommended that in addition to the above, it is best practice to:
- Update virus protection software frequently (configured for automatic updating on a daily basis if possible).
- Install all recommended security patches for the operating system and applications in a timely manner.
Sophos anti-virus for home use
The University currently uses Sophos anti-virus software and students can obtain free Sophos anti-virus tools for home use. See the Sophos website for information.
Please note: you will be asked to create an account in order to download the software. Please use your University email address when creating the account so that Sophos can identify you as a member of London Metropolitan University.