While the University takes proactive steps to protect the email accounts of staff and students, it is also imperative that you assist by being aware of security risks to your email account while online.
A compromised email account not only disrupts your own email access and personal security, but may have wider consequences to the University - such as blacklisting of our email servers causing email bounce-backs affecting other users and possible corporate data compromise.
All Staff and Students are reminded they must abide by the University Acceptable Use Code of Practice (PDF format) with respect to taking adequate safety precautions when using University email accounts.
Why spam email reaches your mailbox
The vast majority of spam emails (Wikipedia link) are discarded by the University spam filters before they reach user mailboxes, but it is inevitable that a small percentage of rogue emails may be able to reach the user mailbox.
It is virtually impossible to prevent this, since setting spam filtering rules too strictly may result in legitimate emails being rejected as 'false positives', and spammers are always seeking ways to bypass automated spam filtering systems.
In some cases, local spam rules on user mailboxes will also mark emails as spam - such as the Junk Mail folder in Outlook client (staff) and Office 365 (student) - for more information on how to block/allow emails see the Online Help within Outlook and Office 365.
IMPORTANT NOTE: It is crucial to understand that just because an email has reached your inbox this does not guarantee it is legitimate, so you should still be wary of all unsolicited emails - particularly those requesting personal or account related details.
Why spammers want your account details
Spamming takes many forms, from dubious bulk advertising (known as malvertising) to phishing - where the spammer is trying to trick you into providing personal details by pretending to be a legitimate company or person you may know.
Attempting to directly phish financial or personal details to commit fraud or identity theft may be the most obvious reason - but why do the spammers want your University email account details? A compromised account may provide your personal information indirectly via the emails in your mailbox - it's important to note that the spammer will be able to access everything in your mailbox. University email systems also tend to be 'trusted' and therefore it makes our email accounts very attractive to spammers when continuing their on-going spamming activities.
The University has taken steps which assist in proactively identifying email accounts which may have been compromised, however it is important to note that ultimate responsibility for keeping their mailbox secure remains with each staff member or student.
How to recognise a phishing email
Some phishing emails are more obvious than others and some spammers go to great lengths to 'spoof' their intended recipients. Just because it looks legitimate doesn't always mean it is - web addresses and email links can be 'spoofed' and corporate images (such as bank logos, etc.) can be misused. Remember: if in doubt, check!
Online banking is an obvious common target of phishers, and many people are now extremely wary of providing financial account details to non-solicited emails, but spammers have diversified into other areas such as:
- Student Loans Company 'account alerts'
- Email Mailbox 'loss of access' or 'upgrade' alerts (Important: Digital Services will NEVER ask for your passwords in this manner)
- HM Revenue & Customs 'tax refunds'
- Parcel shipping 'non-delivery' from DHL, etc.
- iTunes, eBay and PayPal 'purchase' alerts
- Social Media 'access' alerts
Access to this information may provide the spammer with the indirect route to other personal or financial information.
Clicking on attachments and web links within suspect emails also increases the risk of malware and spyware infection of your computer or smart device.
View an example of phishing emails received by the University recently (PDF format)
How to protect yourself
If you receive an unsolicited email from an organization you do have links with, which includes web links, go to their official website by typing the link into your internet browser or use your browser bookmark/favourite. Do not click on any link in an unsolicited email. If in any doubt, use the contact details on their site to query the email.
Tip: hovering over a hyperlink with your mouse (not clicking on it!) can preview the real web address the link is directing to. In many phishing instances this will clearly show a dubious link unrelated to the real site it is purporting to be - this is one way to spot a potential phish.
Do not 'unsubscribe' from unsolicited email lists, this is likely only to increase the volume of spam you receive, as you will mark your email account as 'live' to the spammer. Mark the email message as junk or just delete it.
Do not register your University address on numerous external websites, forums or email distribution lists - except those for University related purposes. The more 'footprint' your email address has on the internet, the more likely it is that you will receive spam. Instead, it is better to register and use a web based email account for personal internet use.
When accessing University systems via personally owned devices, use an up-to-date web browser. Anti-phishing technology is now common in recent versions of standard web browsers such as Firefox, Chrome and Edge. University staff and student workstations currently use Edge as the supported default browser. Google Chrome is also installed.
If you are unsure about the authenticity of an email in your University mailbox, forward it to the Digital Services IT Service Desk at servicedesk@ulster.ac.uk for advice.
What to do if I think you have been compromised
In the event you suspect your University email account may have been compromised (possibly by you having mistakenly supplied details to an unsolicited email or via your mailbox demonstrating other signs as outlined below), then it is vital that you inform the Service Desk on 028 9536 7776 as soon as possible.
If the incident occurs during core working hours of Mon-Thurs 09:00-17:00 and Friday 09:00-16:30, the Service Desk will assist you in changing your password immediately and will then open the investigation to establish if any actual compromise has occurred.
Outside core working hours, please attempt to change your password immediately using the Staff Password Manager and then inform the Service Desk via telephone at the earliest opportunity of the suspected compromise.
IMPORTANT NOTE: the new password must be completely unrelated to the possibly compromised password; hence it should not be guessable to the spammer if they re-try to gain access.
Please do not use email to report a suspected compromise.
It is important to note that the early reporting of a possible compromise may assist in reducing the impact significantly. Some spammers may not actively misuse your account immediately, so if the password has been changed at the earliest possible time, this may block any active misuse of the account.
Signs your account may have been compromised include:
- Receiving email bouncebacks, especially from emails you do not recall sending.
- People on your contacts list report receiving strange emails from you.
- Emails appear in your Deleted Items, Sent Items or other folders that you do not recognise.
- Presence of mail rules diverting your email to another folder within your mailbox instead of the Inbox, or to another email account entirely.
- Personal signatures on outgoing emails changed to other contact details instead of your own.
If you also think you may have compromised personal details related to a non-University IT Account, then contact the relevant company or organisation for assistance. For example, if your mailbox contains details of any online bank accounts, then you should assume that a spammer with control of your mailbox could have accessed that information at any time.
Related online material
- University - Acceptable Use Code of Practice (PDF Format)
The following links are external to the University but provide useful additional information on this subject.
- Student Loans Company - advice regards phishing emails
- Microsoft Safety & Security Centre - Phishing Frequently Asked Questions
- Microsoft Safety & Security Centre - how to recognise phishing email or links
- BBC Viewpoint: How hackers exploit 'the seven deadly sins'
- Sophos 'Naked Security' blog - Targeted webmail phishing attacks
- Citizens Advice - How to check if something is a scam
- Sophos - IT Security DOs and DON'Ts (video clips)
Disclaimer: this section includes links to external websites in order to provide additional information. We are not responsible for the content or availability of any external website and the inclusion of such websites does not constitute a recommendation or endorsement of an organisation or its website by Ulster University.