We all like to have access to information when and where we need it. Whether it’s through a phone or tablet, at home or on the move, it’s easy to log into accounts, make payments or just socialise, all at the touch of a button. In fact, we use technology so regularly for work and play, it’s easy to overlook some basic ways to keep information safe and avoid hacking, information loss and identity theft.
With cybercrime on the increase, it’s never been more important to stay informed and protected. This page is here to equip you with the knowledge, skills and tools to make the right decisions, keeping both you and your information safe.
Learn how to spot a scam
There was a time when scam emails were pretty easy to spot. Fragmented text from an unusual email address, coupled with an unwelcome level of familiarity, meant pressing ‘delete’ was never simpler. Now, it seems there is no limit to how far fraudsters will go to appear trustworthy and the threat extends well beyond email into face to face scams and fake phone calls and websites. This kind of activity is known as ‘social engineering’ and is designed to appear convincing, imitating reliable sources such as a bank, shop or University department.
What should I look out for?
- Emails asking you to share confidential information, such as your bank details, pin number or password. If someone wants to catch you out using this technique, it is known as phishing.
- Look out for misspelling, bad grammar or poor punctuation – this is a classic characteristic of a phishing email.
- A sense of urgency, for example, ‘respond in 24 hours or your account will be closed’.
- Text messages from unknown senders asking you to click on links.
- Phone calls from individuals asking you to confirm confidential information. Always contact the company they are purporting to be from directly and be aware that some scammers will keep the phone line open to trick you into thinking you have rung someone else. See below for how to counter this threat.
- Calls or emails from those claiming to offer support within the University, typically ICT, and requesting information such as login details. This can result in identity theft or, if they gain remote access, infection of your computer. The University ICT Department will never ask you to provide your password via email.
- USB sticks, memory cards, CDs/DVDs or any other storage medium that are lying around. Sometimes these are deliberately left lying around (baiting) containing harmful viruses or malware that will disrupt computer operations, gather sensitive information or access private systems.
- Someone posing as a staff member trying to gain access to computers, systems or servers.
How can I stop these fraudsters?
There are some basic ways you can stop fraudsters gaining access.
- Do not share the University’s confidential information with third parties. If you are unsure of someone’s authenticity it’s better to be safe than sorry. Contact email@example.com with your concerns.
- As above, if you're not sure if someone is from a company they claim to represent, contact the company separately and check.
- Only supply payment card information to organisations where you are confident that they are genuine.
- Use a VPN to connect to the internet when you are using a public or unprotected network.
- If you are submitting sensitive information, ensure you are on a secure site starting with https: or with the padlock graphic next to the web address.
- Use privacy screens on your devices, these restrict the viewing angle of your display and prevent others from reading your information easily.
- Use a webcam cover, this is a physical switch that blocks the webcam.
- Calls from those asking you to end a call and contact your bank should be viewed with caution. Be sure to dial the number on your bank statement and use a different phone. If you do not have access to another phone, wait at least five minutes before you dial out, or call a friend before making another call.
- Do not open email attachments or click on links from unknown sources. You can hover over a link to view the true destination of a link.
- If you don’t know where an external storage device, CD or DVD has come from, don’t put it in your computer. Hand it in at the ICT Service Desk.
Keeping your information safe, especially if it’s confidential, is key when working or studying at the University of Hull. Remember that the confidentiality of data is just as important for information in paper form as it is for information in digital format. Staff or students working with personal data, including 'sensitive' information as defined by the Data Protection Act need to be particularly careful, as do staff and students working with research data that might be equally sensitive or valuable to malicious attackers.
Hide your information from prying eyes!
Trying to keep your desk tidy may sometimes seem like an impossible challenge but it does help you to stay in control of what’s visible on your desk. Sensitive documents should be locked away if you leave your desk unattended. Equally, failing to lock your computer and leaving accounts, personal data or confidential information open on your computer may prompt someone to take advantage of the situation. Always make sure you know who is watching you, especially if you think they might be shoulder-browsing.
If you leave your desk to go to a meeting or make a cup of tea make sure you either log out of your account or lock your computer. You can lock a PC by holding down CTRL ALT DELETE on your keyboard or by using the Windows key + L combination.
If you are using a public or shared computer to work on, ensure you log out all your accounts before leaving and do not use the ‘save password’ function.
It may be very convenient to make use of that 'free' Wi-Fi unexpectedly offered somewhere, but unless you know, and trust, who is offering the service it would be unwise to access services such as University email or online banking over it. You should also exercise caution when using Wi-Fi in untrusted environments attackers can use 'man-in-the-middle' techniques to trick people into using rogue Wi-Fi access points where passwords can be captured.