It’s not paranoia – they are out to get you!

Malware, hackers, phishing, spyware, trojans, cybercrime, password stealers,  viruses, worms, rootkits, adware, etc.

 

The vacation periods at Universities are traditionally times for all of this malicious activity to increase dramatically.  Perhaps the people behind it think that that their victim’s minds are elsewhere, making them an easier target than usual.  Perhaps they are right.

 

Please remain vigilant for this kind of activity.  The usual advice apples:

 

  • NEVER give passwords or other account information to anyone, or keep written records that someone could find and use.
  • Be suspicious of emails purporting to be from a financial institution with whom you have an account if it is not routine, and especially if it takes you to a web page where you are asked to enter account information.
  • Likewise be wary of emails purporting to be from “the helpdesk” advising you of system updates that require you to change your password.  No University system works like that – it’s just another way to get you to disclose your account details (username and password).  Information Services will never ask you to do that.  If in doubt about an email consult the Information Centre, but if you are sure that one is malicious there’s no need to tell us about it – just delete it.
  • Avoid installing any software on your computers/mobile devices unless you are sure it from a trustworthy source.  Free software in particular, which can range from screensavers and games to a variety of useful utilities, may well do what you wanted it for but can also carry malicious payloads.
  • Keep anti-malware software up to date on personally owned equipment, have real-time scanning switched on, and occasionally run a full scan.
  • Install Windows and Mac Operating System (OS) updates on personally owned equipment frequently, as these provide protection from malware which seeks to take advantage of vulnerabilities in the OS.

 

Remember that all the defences against the attackers is always one step behind them – new forms of attack have to be identified and analysed before detection and defence mechanisms can be built into the anti-malware software which then still has to be distributed to, and installed by, users.  In the meantime you are vulnerable to what is known as a “zero day” attack.  Your own vigilance can go some way to protecting you from these.

 

For more information go to http://www.stir.ac.uk/is/staff/it/account/security/

 

Have a nice day, now.