
Information Security at Staffordshire University

Information Policies and guides

Information Security FAQs

The act of sending an email to a user falsely claiming to be an established legitimate enterprise, such as your bank or the technical department where you work, in an attempt to scam the user (you) into surrendering private information that will be used for identity theft. Phishing emails will typically direct the user to visit a website where you are asked to update personal information, such as a password, credit card, or bank account numbers and PINs, that the legitimate organisation or the university already has.

The website, however, is bogus and will capture and steal any information the user enters on the page by using software called key loggers, which capture every key you press, for example when logging in on your work P.C. or bank account, or when shopping on-line.

Sometimes you may receive an email that looks like it’s come from a genuine source like a bank or your IT department or companies such as Microsoft. These may try to alarm you by asking you to verify your password, PIN or bank account details, warning that otherwise you may lose or be locked out of your account. Often it can come from a person or persons for whom English may not be their first language, so look for poor grammar and spelling mistakes.

If you hover (DO NOT CLICK) over the web address, it usually shows a different address from the one displayed in the email. For example, if the email claims to be from HSBC or NatWest, the web link will not resemble the correct link. If in doubt, call your bank and ask if they have sent you an email, and let them know that spam is being sent out in their name.

Ask 3800 if they have sent emails asking you to verify your password or change it.
1. Banks will never send you an email asking for that kind of information.
2. Microsoft will not send out an email asking for that information.
3. 3800 will never send out an email asking you to supply your password.
4. If it comes with an attachment, DO NOT OPEN IT OR CLICK ON ANY LINKS.
5. DELETE IT.

Even if you have been having problems with it, it is very unlikely that anybody other than you will know about it.

They may say something along these lines: "Your computer has a problem and it's showing on our server. This needs fixing urgently or your computer may crash. I can fix this for you, but you must give me access to your computer so I can fix this remotely."

NO, they can’t. They will not fix anything, but they will steal your details, and if you refuse to pay them, they will do as much damage as they can. They will not be able to access your computer unless you tell them your details. They may sound convincing, but they cannot do any harm unless you give them access.

Your Internet provider or any software developer such as Microsoft will not call and tell you that your computer has a problem.
• Do not give your credit or debit card details.
• Put the phone down.
• Close down your computer.
• If you think you have a problem, take your P.C. to a reputable dealer for repair and/or cleaning.
• Keep your virus software up to date.

Passwords – What Should I Do?
Passwords are the first line of defense against cyber criminals. It’s crucial to pick strong passwords that are different for each of your important accounts and it is good practice to update your passwords regularly. Follow these tips to create strong passwords and keep them secure.
Do use numbers and letters; the longer your password is, the harder it is to guess.
Do use upper as well as lowercase letters.
Do use unique passwords for each of your important accounts, e.g. your logon at work, on-line banking and email. It may not be convenient but it’s safer.
Do change them regularly.
Do not use your date of birth.
Do not use your favorite team.
Do not use your significant other's or children’s names.
Do not use your pet’s name.
Do not write them down.
Do not share them.

If at work, contact 3800, who will help you with this.

If you forget your password or get locked out, you need a way to get back into your account. Many services will send an email to you at a recovery email address if you need to reset your password, so make sure that your recovery email address is up-to-date and an account that you can still access.

Sometimes you can also add a phone number to your profile to receive a code to reset your password via text message. Having a mobile phone number on your account is one of the easiest and most reliable ways to help keep your account safe. However, if you can’t or don’t want to add a phone number to your account, many websites may ask you to choose a question to verify your identity in case you forget your password.

If the service that you’re using allows you to create your own question, try to come up with a question that has an answer that only you would know and isn't something that you've posted about publicly or shared on social media.

Before attaching any documents to an email, and with Excel documents in particular, check every sheet if there is more than one sheet within the document, and make sure that they do not contain any personal details such as home address, bank details, email address or date of birth: basically any identifying details. Check any Word or PDF document for personal details.

When you have attached the document(s) to the email, check again that you have attached the correct document before you hit send.

You’re as safe as the technology allows. However, these are the things you should look for when proceeding with a purchase: does the web address (URL) show SHTTP or HTTPS, and does it have a padlock symbol on the address bar? If it does, this means that the information is encrypted.

Never use unsecured wireless networks to make an online purchase.

Protect your personal information: When making a purchase online, be alert to the kinds of information being collected to complete the transaction. Make sure you think it is necessary for the vendor to request that information. Remember, you only need to fill out required fields on a vendor's checkout form.

Before providing personal or financial information, check the website's privacy policy. Make sure you understand how your information will be stored and used.

During any purchase, before any transaction happens (provided you have signed up for it with your bank), you will be prompted to add three random letters of a security word you have chosen as added security. When using on-line banking, it is likely that you will be asked for your PIN, date of birth, favorite name, place of work or first school, or a combination of these, all of which you will have chosen when setting up your on-line banking account in branch.

Make sure that the bank's website is genuine; check phone numbers and branch address before submitting any personal details.

It is important to protect yourself from the more negative aspects of the on-line world.

With smart or connected TVs it’s very easy to go on-line to use services such as Netflix and Amazon Prime, shop, Skype your family and friends, or use Facebook, Twitter and YouTube.

The risks: Your smart TV’s webcam and microphone (if fitted) being hijacked to view or eavesdrop on you and your family, or to find out what possessions you have.

Access to information, photos and other data on storage devices (such as USB sticks; see below for more information on USB flash drives) connected to your smart TV.

Do you know what information is being monitored or kept?

What you can do: The same principles apply as you would use for your P.C.: make sure that you use strong passwords. Disconnect your connection when not using it.
Add parental controls if your children use the Internet to download Apps etc.
Disable cookies.
Make sure your Firewall is enabled.

If you feel that the television company is collecting information without your permission, you can complain and get advice from the Information Commissioner's Office: ico.gov.uk.

If you buy a USB flash drive, make sure it’s from a reputable place and is in packaging.

However, sometimes you may be given a free USB drive, for example when filling in your details to win that car or holiday. It’s an easy way for criminals to distribute malware to infect or gain access to your computer when logging on at work or at home.

These USB drives may contain key loggers that record every keystroke, so when you type your personal details, credit card details and passwords, key loggers collect that information and criminals use it to steal or commit fraud.

Your computer may also, without you knowing, be used as a zombie to pass on malware that infects your contacts' computers or university systems.

If you do bring a USB or external hard drive in, you will be asked to encrypt it using BitLocker before you can use it at work.


If you don’t know where it’s been, don’t plug it in!

There are different cloud services such as Dropbox and Google Docs. Do not store university information such as personal or student data in the cloud. Whilst they seem secure, if you have read their terms and conditions (you should have done before agreeing to the terms when signing up), somewhere in there it will say that if a breach happens or information is lost, they will not take responsibility. So please DO NOT upload university personal or sensitive data to the cloud.

The university has its own cloud service, OneDrive for Business; please visit the website to learn how to access it.

Yes, you can. When logging on to the university’s secure website, use Airnet Secure. Airnet is Staffordshire University's wireless network service. It allows staff and students with laptops or mobile devices to access selected network services without the restriction of having to connect to a network port.

The following secure wireless networks are available:
• Airnet-Student, a secure network dedicated for student use
• Airnet-Secure, a staff network allowing access to selected resources

We also operate Airnet-Guest, which allows basic internet access for authorised guests. Please contact the IT help desk 3800 for more information on connecting to this network or to Eduroam.

Eduroam allows Staffordshire University staff and students to take their laptops, tablets and mobile devices into other Educational Institutions worldwide, and connect using their Staffordshire University username and password.

Be careful what you write in emails; emails can be used in a court of law and can be accessed under the Freedom of Information Act and through subject access requests under the Data Protection Act.

Be careful with humour and sarcasm. It is easy to misinterpret a message without the voice inflections and body language of face-to-face communication.

Do not assume that messages sent by electronic mail are private. Messages will not normally be seen by other people, but electronic mail is not suitable for confidential information. You should think of email as a postcard, and not as a sealed letter.

If you wish to send confidential or large files to colleagues or a third party you are working with, please use the university Dropbox Service, Zendto.

You should also be aware that it is possible for people to send messages in other people's names. It contravenes the University regulations for you to do this. However, if you receive a message from someone, and the message seems strange or out of character, maybe it is not really from that person. If you suspect that this has happened, phone them or fax them or email them to check that they really did send the message.

If you receive a bogus message, report the incident to 3800. Check any attachments for personal details; see: What should I check when sending attachments via email?

Use blind copy when sending information to students or many recipients. If you don’t know how to do this, please contact 3800.

When working on paper documents, if you need to leave your desk, do not leave them open for people to read. If a document is confidential or contains personal data, you should either put it in your desk (especially if you are away at a meeting and may be gone some time) or just cover it until you return.

Lock all documents in a filing cabinet or desk overnight.

You do not have to close it down, but good practice would be to lock it. You do this by pressing the key combination Ctrl+Alt+Delete and clicking on Lock this computer. When you return, use the same combination to unlock it; it will prompt you for your password. Enter this and your P.C. will unlock.

Close your P.C. down when you leave the office at night.

Do not use your university laptop or computer to store personal or confidential files such as staff or student data unless it is encrypted. Please use your university OneDrive or H:Drive if you have to store this type of data. If you need advice, please contact 3800.

All computers are vulnerable to attack and you should ensure that you are fully protected and use common sense when using the Internet or downloading or receiving information from unknown sources. Only download files that you know are safe.

• Why am I sending this data?
• Do I need to send all of this data or only a part of it?
• Does the person I am sending this to really need this data?
• Are there ways that I can make this process more secure?

If in doubt, please contact 3800.