Fraudulent emails, spam, and phishing attacks.

Remember, no one within the University or elsewhere should ask you for your username and password, so if any email, text message, or phone caller asks for this information, it will be a scam.

If you have a security breach, or suspected breach on a University device, user account, or system, you must inform the Helpdesk immediately. 

• Fraudulent emails, texts, calls, and messages 
• Quishing
• Email security at Herts 
• Using technology to protect your devices and user accounts 
• Smart devices 
• Online gaming 
• Reporting scams and accessing support

Fraudulent emails, texts, calls, and messages:

How to spot a scam email, text, message or call

If you suspect you have received a fraudulent email, text, or message:

• do not click on any links or attachments
• do not reply, especially be wary of an 'unsubscribe' link. If you do reply, then the spammers know that your address is valid and you will receive more spam.
• delete the email, text, or message from your inbox.

If you have inadvertently responded to a fraudulent message with your University account details, you must immediately contact the Helpdesk:
Telephone +44 (0)1707 284678 or ext 4678. (available 24/7)
Email: helpdesk@herts.ac.uk (Monday to Friday 08:00 to 17:00)

If we notice anything suspicious with your university account, we will promptly reset your password to protect your account.  If you do not have Multi-factor Authentication (MFA) enabled, your account will be disabled. You will need to contact our helpdesk to reinstate your account.

Remember, you can change your password anytime by going to pss.herts.ac.uk

Quishing

• Quishing is a type of phishing attack that uses QR codes to trick people into visiting a malicious website or downloading a virus-filled document.
• Quishing works by creating fake QR codes that mimic legitimate ones. Scammers then place these codes on flyers, labels, posters, or any other public space where people can scan them. Once the user scans the code, it takes them to a counterfeit website that looks like the real thing.
• They can also be planted into emails as images or within attachments.

Email security at Herts

The University uses email security software (Mimecast) to provide you with greater protection against harmful emails and phishing attacks, keep more spam out of your inbox and help prevent data from getting into the wrong hands.

Greater protection against spam and junk email - Mimecast allows you to view and control your held messages providing both greater protection against spam and harmful emails whilst allowing you to stay in control of your email and ensure that genuine messages aren’t missed and are released to your inbox.

Incoming emails are scanned for viruses and spam to prevent harmful emails from being delivered to your University @herts.ac.uk email account.  Any emails identified as potentially harmful or spam will be held and you will receive a daily email from postmaster@herts.ac.uk with the subject ‘You have new held messages’ detailing any held messages with the option to release, permit or block each held email (see image below):

• Release - delivers the held message to your inbox but will continue to hold future messages from the same sender
• Permit - delivers the held message to your inbox and marks future messages from this sender as safe
• Block – removes the message, adds the sender to your personal block list, and prevents any further emails from that address reaching your mailbox.

 

Please note that held messages will be deleted after 14 days if not released.

You can also log in to the Mimecast personal portal at  https://go.herts.ac.uk/email-security-portal to view your held emails and release them if necessary. Login with your UH username username@herts.ac.uk and password.  For more information see Mimecast's guide for managing held messages via the personal portal.

Link protection - Mimecast protects the links that you click in emails by redirecting you through their secure servers to determine if a website is harmful. So, you may notice that some web links contained in your emails could display a different url address, which is normal. For example, a link to https://bbc.com would become https://protect-eu.mimecast.com/s253462825?domain=bbc.com.

Attachment protection - Mimecast scans attachments for known threats and harmful content before it is delivered to your inbox. If someone sends you an attachment with harmful content, then the email will be blocked completely. If the sender is legitimate, but the attachment is harmful, the email will be delivered without the attachment included or sometimes you may receive a PDF attachment which is safe to view when you expected a different file format.

Undeliverable emails - if you send an email from your @herts.ac.uk email account that is undeliverable you will now receive a PostMaster email from Mimecast rather than exchange online. This is expected and you do not need to contact the Helpdesk.

If you receive notification messages from Mimecast alerting you to a blocked link, attachment or email.  Please follow the instructions and if you have any questions or if you think an email has been classified as spam by mistake or if a link or attachment has been blocked in error please contact the Helpdesk on 01707 284678 or email at helpdesk@herts.ac.uk.

Using technology to protect your devices and user accounts

• Use two-step authentication on your accounts (also known as 2FA or multi-factor authentication). This is typically free when using an app. 
• Use a hardware key.  You will need to buy this and be aware that not all hardware keys are compatible with all services. 
• This article explains more about the different authentication methods you can use and why.  

It is a requirement that your Herts University login account is protected with multi-factor authentication (MFA).
Find out more about MFA on your student login account and how to manage your settings and devices 

• Secure your Wi-Fi; use eduroam when on campus.  Think twice before connecting to free public Wi-Fi!
• Install anti-virus/anti-spyware software and a firewall.
• Keep your computer software, web browser, and security up-to-date.
• Update your device operating system (OS)
• If you wish to access UH systems from a mobile phone or tablet, please ensure your device has the latest operating system patch installed.
• You should not attempt to connect to UH systems from a device no longer supported by its manufacturer.
• Don't use obvious passwords e.g. birthdays.  See our guidance for setting up your University password.

Smart devices

‘Smart devices’ are the everyday items that connect to the internet – like speakers, security cameras, or fitness trackers.   And just like your phone or laptop, if they are unprotected, smart devices can be hacked to put your data and privacy at risk.

• Protect it with a strong password
• Turn on two-factor authentication (2FA)
• Always accept automatic updates
• Perform a factory reset if returning/trading in
• Find out more: Using passwords to protect your devices & data

Online gaming

An estimated 1.2 billion of us are regularly logging on, signing up, and playing online.

• Unfortunately, whenever money or personal data is changing hands online, criminals can be watching, looking for some way to turn the situation to their advantage.
• Find out more: How to enjoy online gaming securely by following just a few simple tips
• Never use your University username, email address, or password for online gaming