By Daniela Cooper, on 1 April 2019
As of the 31st March Sophos is no longer available as a site license for UCL.
What do I need to do?
If you are currently using Sophos as an anti-virus product, you now need to uninstall Sophos and install F-Secure instead.
Previously Sophos was the only option for Mac users, however F-Secure now has a version for the Mac as well as a version for Windows and Linux.
How do I do this?
- Firstly, go to swdb.ucl.ac.uk and search for F-Secure. Download the version that is appropriate for your computer. You will need to make a note of the serial key to be able to activate it once it’s installed.
- At this point I would take my computer off the internet and reconnect it to the internet once F-Secure has been installed and is ready to update itself.
- Uninstall Sophos. When Sophos was installed it should have also installed a utility to uninstall itself.
- Install F-Secure.
- Make sure that F-Secure is up-to-date.
- Run a full computer scan.
Now that you have put a new anti-virus product on your computer, it’s important to regularly check that the software is being updated, and regularly scan your computer for malware.
There are some departments that will continue to use Sophos. If you are unsure if this includes your department, please speak to your departmental IT manager.
By Daniela Cooper, on 6 March 2019
I know what you’re thinking, “Oh no, not another post about phishing emails!“. I know we do tend to bang on about this subject, but we do so with very good reason. A compromise through a successful phishing campaign is still one of the easiest ways for an attacker to get in, so for this reason alone we will continue to bang on about it. Phishing emails are still SO prevalent, if we can all learn to easily identify them, then that’s a big risk of ours reduced.
The phishing email
Before Christmas we sent out a phishing email to all staff at UCL, see below for a screenshot of the email:
Tell tale signs of a phishing email
There are a few common tell tale signs that we ought to bear in mind when we read our email, the following signs relate to the phishing email screenshot above:
- The from address – firstname.lastname@example.org does not look like a real email address, let alone a legitimate UCL email address.
- The to address – in this case the ‘to’ address was correct, but often in phishing emails the ‘to’ address is something other than the recipients email address.
- Subject line – the subject line suggests a sense of urgency.
- Opening line – the email does not address the reader by name, it says ‘Dear user’. A legitimate email should address the reader by their actual name.
- Spelling mistakes – some but not all phishing emails contain spelling and grammar mistakes.
- The URL – like the from address, the URL does not look legitimate either, it’s trying to look like a UCL domain but it isn’t. Always hover over a link to see where it will take you, as it may be different to what the text says in the email.
- Overall sense of urgency – the whole email has been designed to get the reader to take action quickly without taking the time to properly think about it.
If in doubt?
Even legitimate emails can sometimes look like phishing emails, it may be a good idea to gently point this out to the author when you come across these. As always, if you are not sure whether an email is legitimate or not, before you respond or click – ask us (email@example.com).
By Daniela Cooper, on 30 November 2018
UCL has acquired licenses for UCL users to use the enterprise version of LastPass. This blog article attempts to explain what LastPass is, why you should use it, and how to get a UCL LastPass account.
Why use a password manager like LastPass?
So, what is LastPass? LastPass is a password manager that allows you to store all your passwords encrypted in one place. The advantage of using a password manager over other methods of storing passwords is that you only ever have to remember one password instead of hundreds for all the individual accounts that you have. This is probably a good time to mention that you should never re-use a password for more than one account, if one account is compromised it could compromise all accounts that you have that use that same password. It’s really not worth the risk.
LastPass also allows you to share passwords with other LastPass users, so it’s ideal for using in teams that need to share passwords.
2 Factor Authentication
We highly recommend that you use 2 factor authentication with LastPass, this helps to protect against risks such as key logging software – by using 2 factor authentication if someone was to get your LastPass password they would not be able to access your account without your authenticator code. LastPass allows you to use authenticators such as Google Authenticator, LastPass Authenticator and many others.
How to get a UCL LastPass account
- We recommend that you download the browser plugin from LastPass and/or the app from the app store for your mobile.
- The browser plugin has been pre-installed on all Desktop@UCL Windows 10 machines.
- Then email firstname.lastname@example.org who will then provision an account for you.
The license we have for LastPass provides two password vaults, one for UCL related passwords and one for personal passwords. The one for personal passwords can be taken with you if you leave UCL and used with the free consumer version of LastPass.
LastPass is intuitive and easy to use, however they do provide training materials which can be found through the link below:
If you have any questions or would like further information, just send us an email: email@example.com.
By Daniela Cooper, on 21 November 2018
We are planning on regularly posting recent phishing email examples that are received by users at UCL. This is the first one with some ideas on what to look out for in this and other phishing emails:
- The sent from address – the sent from address is somewhat random, it is not a UCL email address, in fact in this case it is an email address from the Government of Bermuda!
- The sent to address – legitimate emails should be addressed to your actual email address.
- The subject line – there is no Microsoft Active Directory team at UCL. It’s an unusual subject line, it doesn’t explain the contents of the email.
- The opening line – phishing emails often open with ‘Dear User’, in this case the email says ‘Dear E-mail User’, a legitimate email should use your actual name.
- The sense of urgency – phishing emails often try to scare users into doing something quickly without thinking about it properly, in this case they are asking the user to respond by clicking the dodgy link to avoid their account being closed.
- The link / domain – you cannot see from the above screenshot but the link does not go to a UCL domain, it goes to a random website. Remember to hover over a link to see where it’s going before you click on it.
- The signature – there is no Microsoft Active Directory team at UCL, if you are ever in doubt please check with ISD.
One thing to bear in mind is that easier phishing emails like the one above have been designed so that they could be relevant to any organisation. Ask yourself when reading a possible phishing email if it is relevant to you and UCL.
Of course, this example is a fairly easy one to spot – there will be others that are more targeted and harder to identify. As always, if in doubt please ask us.
By Daniela Cooper, on 31 October 2018
No trick, just treat!
Tell us your thoughts and win a £25 Amazon voucher!
We are at the point where we are planning our vision for improving our Information Security Awareness programme. We need your help to give us feedback on what we currently do (if you know) and give us some new ideas on what we can do to improve our programme in the future!
Think about how you would like us to contact you, what areas of information security do you want to know more about, and what sort of articles would you like to see on our team blog. Any ideas are welcome.
In return, all responses will be entered into a random prize draw for a £25 Amazon voucher. Entries must be sent using a UCL email address and if the voucher cannot be collected in person, then it will only be posted to a UCL mail address. Send entries to firstname.lastname@example.org – the winner will be contacted on Friday 30th November.
So get those thinking caps on, and help us improve our Information Security Awareness programme – Good Luck!
By Robert D Maughan, on 26 October 2018
Something Phishy this way comes
We try to point out to people how to spot emails which are phishing attacks. We would like everyone to be a little cautious and think for a moment before they click on a link or open an attachment. However sometimes genuine emails are written in such a way they start to look like a phishing attack. We don’t want anyone to miss out on genuine emails nor do we want people to get comfortable clicking on things that look like phishing attacks.
So we thought we would offer a little advice on how to avoid looking like a criminal trying to steal someones identity.
How not to look like a phish
Use a UCL email address to send out UCL emails. Phishers often use look alike domains but should not have access to genuine internal UCL accounts.
Don’t use link shortening services like bit.ly as those are often used by phishers to hide where they are really connecting you to.
If you are referring people to an externally hosted site consider including a link to a page on the UCL website as well. The UCL page can talk about the mailing and show the address you are going to direct people to. This lets people check if a mailing is genuine or not.
Use a spell checker and think about how readable your email is before you send it. Many phishers don’t have a good command of English and don’t send particularly business like emails.
Thought of an idea I have not mentioned here? Why not add it as a comment?
By Daniela Cooper, on 22 October 2018
Finding out if you’ve been compromised!
This is the first in a series of blog posts on ideas for how you can help look after yourself when it comes to information security.
Have you come across the website www.haveibeenpwned.com?
It’s a website that allows you to check if an account has been compromised in a data breach. It cannot of course tell you 100% that it knows about all possible compromised accounts, but it’s a very good starting point!
It’s a free and quick tool that also allows you to sign up for the ‘Notify me’ service which will tell you if your account comes up as compromised in the future. The data comes from aggregated breaches that have been publicly released.
The UCL Information Security Group has signed up for the ‘Notify me’ service and receives reports for UCL accounts on a regular basis.
If one or more of your accounts does show up, try not to panic. Bear in mind the date of the breach, have you changed your password since then? If not, changing your password would be a good idea. Using a password manager with 2-factor authentication is also a good idea – more on that in the next blog post.
So, give it a go, have you been pwned?
By Robert D Maughan, on 22 October 2018
We are seeing another increase in criminals attempting to profit from users of the UCL email system. This particular attack relies on social engineering rather than a technical approach or, to be more blunt, extortion. The criminal emails you and says they hacked your system. They have copies of all your files, your browser history or even photographs or video taken using your webcam.
How the attack works
The criminal might share some information to prove they have accessed your system, a common example is the login details for a site you have visited previously. The attacker tells you they have installed malware on your computer and the only way to prevent them trashing your computer and publishing all the stolen information is to pay a ransom, usually in bitcoins.
Of course criminals lie, so it is very unlikely they have hacked you at all. Much more likely is that there has been a data breach which disclosed the username and password you use at a particular website.
The criminal hopes that by sharing this small amount of information with you, they can trick you into thinking they have much more of your information and get you to pay the ransom.
Similar emails will have been sent to hundreds or thousands of other people and even if only 1% of the people who receive the email pay up it is still very profitable for the criminal.
What should you do?
So what should you do? Firstly never pay a ransom, this only makes it more likely you will be targeted again and again. Secondly if they have sent you login details for a site then change it immediately and if you have reused that password in multiple places change it in all of them. Thirdly move on with your life as the risk they have actually got access to your data, when they make a threat like this, is so small you are more likely to be struck by lightning.
By Robert D Maughan, on 17 October 2018
UCL is currently seeing a large number of emails claiming to be from HMRC and to be about how to claim your tax refund. These are an attack known as phishing.
Unfortunately these are not from HMRC but from a criminal who want to trick people into sharing personal information. In particular they are hoping to obtain bank account information which could be used to steal money from you. So please do not open these emails, click on any links they contain or open any attachments.
Most attacks of this type attempt to install malware to your device so they can carry out other attacks such as:
- Stealing your documents and photos
- Activating your camera and microphone to spy on you
- Encrypting your files and demanding a ransom
- Or even using your computer as a launching point to attack other people.
So please think twice before you click on links or attachments you are sent. If you want to report receiving this sort of email you can do this at https://www.actionfraud.police.uk/ and that site also has some excellent advice on what to do if you have shared information with a criminal.
By Daniela Cooper, on 10 October 2018
Phishing is when someone malicious sends an email pretending to be from a legitimate person or organisation – the email will most likely ask for details such as passwords or financial information, but it can also ask you to download a malware infected attachment or ask you to click on a link to a compromised website.
Phishing has long been a problem, and something that we see targeted at UCL almost constantly. A successful phishing attack is an easy way into an organisation that doesn’t involve a lot of skill or effort on behalf of the malicious attacker. Once in, an attacker can gain access to all sorts of information (personal, financial, sensitive), they can steal that information and destroy it. An attacker can also gain control of your computer!
Due to the frequency of phishing attempts and the seriousness of the consequences, the UCL Information Security Group are about to embark on a phishing campaign that will involve sending simulated phishing emails to staff. We hope that staff won’t respond to the phishing emails, however the campaign is intended to help us identify areas that need more education and support, as well as raising awareness on how staff can help protect themselves and UCL.
For more information on phishing and what to look out for: www.ucl.ac.uk/informationsecurity/phishing.
If you are ever unsure whether an email is legitimate, before you click or respond, just ask – email@example.com.