Reporting phishing emails to IT Services

This article is intended for our staff and students.

While we have measures in place to help protect our systems, the threats to cyber-security are ever changing. Criminals are always developing new ways to exploit software vulnerabilities, which unfortunately can include manipulating users into helping them.

Criminals who intend to cause harm to IT infrastructure often use email to try and install malicious software on a victims device for a number of reasons, commonly for ransom or blackmail. This is why when it comes to email security, our advice to our users has always been don’t trust an email if you’re unsure of the sender and recieve an unexpected message with attached files or links. In rare instances, however, we know attackers may attempt to gain confidence with an initial email and then follow up with an attack.

In short, if in doubt don’t click.

What is phishing?

Phishing is the term used to describe an a cyber attack whereby an email, which may appear legitimate, is recieved with the purpose of misleading the recipient into revealing sensitive information. This usually involes getting a targeted user to follow a link within an email to a malicious or hijacked website, or, by opening an attachment which includes malicious code (a computer virus).

You can learn more about phishing attacks as well as other forms of email threats from Get Safe Online. Get Safe Online – www.getsafeonline.org – is a partnership supported by HM Government and leading organisations in banking, retail, internet security and other sectors.

How to report a suspicious email at Bradford College

Always remain vigilant. If you’re ever in doubt about an email, you can always forward it to IT Services using the email address [email protected] and we’ll investigate.

You can always approach a member of IT Services for advice. If you believe you may have inadvertantly clicked on a malicious link or opened a malicious file, please don’t be afraid to report it — our priority is to help protect our users. We do not seek to blame and we handle all reports to us in a professional manner.

A number of our users already report such emails to us and we’ve prevented dangerous attacks against our IT infrasture as a direct result of people making these reports to us. For that reason, we’d like to say thank you. We recognise the importance of our users in helping prevent cyber-attacks of this nature.

What about outside of college?

We recognise that this threat isn’t just related to our staff and students whilst at college. If you think you may have received a phishing email outside of college and not to your college email address, there’s help for you too.

Visit ActionFraud at www.actionfraud.police.uk from the UK National Fraud & Cyber Crime Reporting Centre for help and advice including an online reporting tool, types of fraud and support & prevention.

Obvious signs of phishing

The UK National Cyber Security Centre has provided the following warning signs to help you determine a suspicious message:

  • Many phishing scams originate overseas and often the spelling, grammar and punctuation are poor. Others will try and create official-looking emails by including logos and graphics. Is the design (and quality) what you would expect from a large organisation?
  • Is it addressed to you by name, or does it refer to ‘valued customer’, or ‘friend’, or ‘colleague’? This can be a sign that the sender does not actually know you, and that it is part of a phishing scam.
  • Does the email contain a veiled threat that asks you to act urgently? Be suspicious of words like ‘send these details within 24 hours’ or ‘you have been a victim of crime, click here immediately’.
  • Look out for emails that appear to come from a high-ranking person within your organisation, requesting a payment is made to a particular bank account. Look at the sender’s name. Does it sound legitimate, or is it trying to mimic someone you know?
  • If it sounds too good to be true, it probably is. It’s most unlikely that someone will want to give you money, or give you access to some secret part of the Internet.

What happens when an email is reported to Bradford College?

If you have submitted a report to IT Services using the email address above, you should receive an automated reply. Our team looks at the emails and take the necessary action, which can include (and is not limited to) the following steps:

  • Block any malicious links within phishing emails  on all the college firewalls. This will prevent people who already have the emails from being tricked into going to the harmful webpage.
  • Add the email address (and sometimes domain) to filters to prevent more emails coming into college unless there is a very good reason not to.
  • Search the databases on the college mail servers for all the emails that have come in already from that source and that match that criteria – these are then instructed to be removed by the system.

About Access Manager

Forgotten passwords is a common factor in I.T whether for work or personal use. Find out how our adoption of Access Manager helps.

I.T Services is pleased to introduce an application which allows staff and students to manage their own password reset requests. The application is called Access Manager and is an online tool designed to work over the World Wide Web.

This means if you need to reset your password you can do so at your convenience without the need to contact I.T support, provided users have made the necessary initial configurations.

You can visit Access Manager by visiting https://accessmanager.bradfordcollege.ac.uk/ at any time.

We recommend that you periodically review your details to ensure they’re still correct and accurate, in case you need to gain access to your College I.T account if you forget your password.

New students with limited or no physical access to College

If you need to change your initial activation password, you can do so using Access Manager without the need to physically come to Bradford College. This may be particularly useful for our distance learners.

Connecting to WiFi at Bradford College

The College offers wireless networks for staff and students. Here’s more information about how to use them.

WiFi allows you to connect to IT networks without the use of a cable. It can also enable you to connect to the internet. Find out about our WiFi networks below, including availability and how to connect.

Eduroam WiFi network

Eduroam stands for Education Roaming and offers users from participating academic institutions secure internet access at any other Eduroam-enabled institution, for example some NHS Teaching Hospitals and other colleges and universities.

Please note your use of Eduroam is subject to College acceptable use policies and the JANET/JISC Eduroam Policy.

Further information about Eduroam generally and the JANET Roaming Service is available from the Eduroam Federation and JISC.

How to use Eduroam

If you have a College IT user account, you can connect to the WiFi network ‘eduroam’ on wireless-capable devices including Tablet devices, smart phones and laptops.

For staff, your username for the Eduroam WiFi access point is your full college e-mail address. Please note that staff are not able to access network shares/drives using Eduroam.

If you’re a student, your username is simply your student ID following by “@bradfordcollege.ac.uk”, not including quotes. This is the same as your college e-mail address (for students only).

For all users, your password to connect is the same as your College IT password, used to log in to college devices.

Remember to update your password on your device connection settings when you change or reset your College IT password. This may involve removing the ‘eduroam’ network (SSID) from your list of remembered networks (also known as forgetting the network).

Configure devices using software/apps

You can also download free software/apps which configures your device with all settings required for a successful Eduroam connection for Bradford College at https://cat.eduroam.org/ (remember to choose the college if prompted).

The software and apps are cross-platform compatible, which means it will work for Microsoft Windows, Apple Mac OS, Linux, and more.

Eduroam availability

Eduroam WiFi is available in most campus sites with the following exceptions:

  • Limited Coverage in:
    • Old Building
    • Bowling Back Lane
    • City Training Services (Little Germany)
  • No coverage at:
    • Garden Mills

About the BCW1 WiFi network

The college also has a WiFi network which is available to restricted college devices only. Staff can enquire about using this network through the Staff I.T. Service Desk.

Guest access

The college does not offer temporary access to our networks by default (i.e. there is no guest network).

If there is an event organised by staff which would require offering temporary WiFi access, the event organiser(s) should make this request in good time to IT Services.

Changing/resetting your College IT password

Information on how to change or reset your I.T account password for staff and students.

New staff and students

If you’re new to the College and after your very first login, you need to set a new password. Set your answers to security questions to reset your password in case you forget it using Access Manager at accessmanager.bradfordcollege.ac.uk.

Existing staff and students

If you would like to change your password at any point using one of two options.

  • Use Access Manager to change your password
  • Using a College Windows PC/laptop, simply log on and press CTRL and ALT and DEL together then select the option to change your password.

You can change your IT password at any time, particularly if it’s about to expire (you’ll be notified before that happens).

Staff passwords & working remotely

If you work off campus a lot or do work from home, setting up your Access Manager account is extremely important and saves disappointment when contacting IT Services for a password change without knowing your PIN number.

Forgotten IT password

You can reset your password using Access Manager providing you’ve previously set it up with your security questions and answers.

If you’ve never set up Access Manager and don’t know your password:

  • Staff should contact the Staff IT Service Desk (you will need your IT PIN or authorisation from your line manager).
  • Students should approach the Student IT Service Desk with your student I.D. card. If you’re a student and you’re unable to approach the Student IT Service Desk on campus, please contact your tutor who should verify your request and pass it on to IT Services.

 

 

 

Protecting your inbox from unwanted e-mail

The I.T. Core Systems team manage our e-mail systems to remove the vast majority of e-mail messages that contain viruses or malware, phishing scams, are offensive or messages that are obviously spam.

Unsolicited and malicious e-mail is a growing problem generally in the I.T. sector and we continuously work to prevent such e-mails from entering your mailboxes.

For students and learners, your College e-mail mailboxes are protected by Office 365 and so we manage these differently.

But for staff mailboxes, reviewing of quarantined messages was something that has been undertaken manually by the team on request until earlier this year.

We’ve since been pleased to advise of a new process that enables College staff to control your own e-mail mailboxes by releasing or removing quarantined e-mail messages and, when appropriate, marking flagged messages as legitimate. I.T. Services first e-mailed staff about this update in May 2016.

How does this affect staff?

When an e-mail message is captured and marked as spam, the message is quarantined by our anti-spam software and held there for review for 31 days.

The intended recipient will receive a notification e-mail which provides instructions on how to proceed if the message is actually legitimate (i.e. you were expecting the message and know the sender).

Please note any quarantined messages not released are automatically deleted after 31 days.