How to make your email more secure.
While the University takes proactive steps to protect the email accounts of staff and students, it is also imperative that you assist by being aware of security risks to your email account while online.
A compromised email account not only disrupts your own email access and personal security, but may have wider consequences to the University - such as blacklisting of our email servers causing email bouncebacks affecting other users and possible corporate data compromise.
All Staff and Students are reminded they must abide by the University Acceptable Use Code of Practice (PDF format) with respect to taking adequate safety precautions when using University email accounts.
The vast majority of spam emails (Wikipedia link) are discarded by the University spam filters before they reach user mailboxes, but it is inevitable that a small percentage of rogue emails may be able to reach the user mailbox.
It is virtually impossible to prevent this, since setting spam filtering rules too strictly may result in legitimate emails being rejected as 'false positives', and spammers are always seeking ways to bypass automated spam filtering systems.
In some cases, local spam rules on user mailboxes will also mark emails as spam - such as the Junk Mail folder in Outlook client (staff) and Office 365 (student) - for more information on how to block/allow emails see the Online Help within Outlook and Office 365.
Spamming takes many forms, from dubious bulk advertising (known as malvertising) to phishing - where the spammer is trying to trick you into providing personal details by pretending to be a legitimate company or person you may know.
Attempting to directly phish financial or personal details to commit fraud or identity theft may be the most obvious reason - but why do the spammers want your University email account details? A compromised account may provide your personal information indirectly via the emails in your mailbox - it's important to note that the spammer will be able to access everything in your mailbox. University email systems also tend to be 'trusted' and therefore it makes our email accounts very attractive to spammers when continuing their on-going spamming activities.
The University has taken steps which assist in proactively identifying email accounts which may have been compromised, however it is important to note that ultimate responsibility for keeping their mailbox secure remains with each staff member or student.
Some phishing emails are more obvious than others and some spammers go to great lengths to 'spoof' their intended recipients. Just because it looks legitimate doesn't always mean it is - web addresses and email links can be 'spoofed' and corporate images (such as bank logos, etc.) can be misused. Remember: if in doubt, check!
Online banking is an obvious common target of phishers, and many people are now extremely wary of providing financial account details to non-solicited emails, but spammers have diversified into other areas such as:
Access to this information may provide the spammer with the indirect route to other personal or financial information.
Clicking on attachments and web links within suspect emails also increases the risk of malware and spyware infection of your computer or smart device.
Example of phishing emails received by the University recently: Click Here For PDF
If you receive an unsolicited email from an organization you do have links with, which includes web links, go to their official website by typing the link into your internet browser or use your browser bookmark/favourite. Do not click on any link in an unsolicited email. If in any doubt, use the contact details on their site to query the email.
Tip: hovering over a hyperlink with your mouse (not clicking on it!) can preview the real web address the link is directing to. In many phishing instances this will clearly show a dubious link unrelated to the real site it is purporting to be - this is one way to spot a potential phish.
Do not 'unsubscribe' from unsolicited email lists, this is likely only to increase the volume of spam you receive, as you will mark your email account as 'live' to the spammer. Mark the email message as junk or just delete it.
Do not register your University address on numerous external websites, forums or email distribution lists - except those for University related purposes. The more 'footprint' your email address has on the internet, the more likely it is that you will receive spam. Instead, it is better to register and use a web based email account for personal internet use.
When accessing University systems via personally owned devices, use an up-to-date web browser. Anti-phishing technology is now common in recent versions of standard web browsers such as Firefox, Chrome and Internet Explorer. University staff and student workstations currently use Internet Explorer 11 as the supported default browser. Google Chrome is also installed.
If you are unsure about the authenticity of an email in your University mailbox, forward it to the ISD Service Desk at firstname.lastname@example.org for advice.
In the event you suspect your University email account may have been compromised (possibly by you having mistakenly supplied details to an unsolicited email or via your mailbox demonstrating other signs as outlined below), then it is vital that you inform the Service Desk on 028 9036 6777 as soon as possible.
If the incident occurs during core working hours of Mon-Thurs 09:00-17:00 and Friday 09:00-16:30, the Service Desk will assist you in changing your password immediately and will then open the investigation to establish if any actual compromise has occurred.
Outside core working hours, please attempt to change your password immediately using the Staff Password Manager and then inform the Service Desk via telephone at the earliest opportunity of the suspected compromise.
Please do not use email to report a suspected compromise.
It is important to note that the early reporting of a possible compromise may assist in reducing the impact significantly. Some spammers may not actively misuse your account immediately, so if the password has been changed at the earliest possible time, this may block any active misuse of the account.
Signs your account may have been compromised include:
If you also think you may have compromised personal details related to a non-University IT Account, then contact the relevant company or organisation for assistance. For example, if your mailbox contains details of any online bank accounts, then you should assume that a spammer with control of your mailbox could have accessed that information at any time.
The following links are external to the University but provide useful additional information on this subject.
Disclaimer: this section includes links to external websites in order to provide additional information. We are not responsible for the content or availability of any external website and the inclusion of such websites does not constitute a recommendation or endorsement of an organisation or its website by Ulster University.