X Close

Risky Business

Tips and tricks for securing information

Menu

News Roundup:

By Daniela Cooper, on 13 November 2025

A quick roundup of some information security related news. First some information on security issues involved in the Louvre Heist. Then some phishing emails that we have seen recently that resulted in some compromised accounts.

The Louvre Heist

A lot of the news surrounding the Louvre has been focused on the physical theft, the BBC has done a nice visual story on this (I’ll link to it below). However, few have mentioned that the password for the Louvre surveillance system was “LOUVRE”, the weak password that cost them £76 million. See the following articles that explain it below:

https://www.ibtimes.co.uk/real-reason-behind-louvre-security-breach-was-video-surveillance-compromised-password-blunder-1753094

https://www.linkedin.com/posts/shawnee-delaney_humanrisk-insiderthreat-cybersecurity-activity-7392191123735326720-uW_G?utm_source=share&utm_medium=member_ios&rcm=ACoAADWE_XABmuT4Ds99Qy9d9-J7PkN_hcUl640

https://www.bbc.co.uk/news/resources/idt-fde5876a-c35c-48a2-b4cf-d255bd25611b

It’s a strong reminder to remember to address the basics when it comes to security.

Recent Phishing Emails

We have seen some phishing emails lately that have led to some account compromises, see image below:

In this case the tell tale signs were:

  • the To address not actually being the recipients address
  • unexpected link to an attachment

This looks a lot like the sort of email you might get if someone was trying to share a file from SharePoint with you. If you receive something like this that is not expected, double check with the sender, preferably not via email.

Reporting Suspicious Emails

If you receive an email that you wish to have investigated, you can take the following steps:

  1. Send the Email to phish@ucl.ac.uk: When you send an email to this address, it will automatically scan the email and provide you with an automated response with the result. You can also click on the “Report Phishing” or “Report Junk” buttons (instructions shown here), which will provide you with the same automated response.
  2. Raise it Directly with ISG: If you believe that the classification given was wrong, or you still want a security analyst to directly review the email, you can raise a ticket with ISG with the email included, which can be done here.

 

Filed under Uncategorized

Leave a Reply