Phishing Campaign

Phishing is when someone malicious sends an email pretending to be from a legitimate person or organisation –  the email will most likely ask for details such as passwords or financial information, but it can also ask you to download a malware infected attachment or ask you to click on a link to a compromised website.

Phishing has long been a problem, and something that we see targeted at UCL almost constantly. A successful phishing attack is an easy way into an organisation that doesn’t involve a lot of skill or effort on behalf of the malicious attacker. Once in, an attacker can gain access to all sorts of information (personal, financial, sensitive), they can steal that information and destroy it. An attacker can also gain control of your computer!

Due to the frequency of phishing attempts and the seriousness of the consequences, the UCL Information Security Group are about to embark on a phishing campaign that will involve sending simulated phishing emails to staff. We hope that staff won’t respond to the phishing emails, however the campaign is intended to help us identify areas that need more education and support, as well as raising awareness on how staff can help protect themselves and UCL.

For more information on phishing and what to look out for: www.ucl.ac.uk/informationsecurity/phishing.

If you are ever unsure whether an email is legitimate, before you click or respond, just ask – phish@ucl.ac.uk.