Remember, no one within the University or elsewhere should ask you for your username and password, so if any email, text message, or phone caller asks for this information, it will be a scam.
If you have a security breach, or suspected breach on a University device, user account, or system, you must inform the Helpdesk immediately.
Latest scams to be aware of:
Text scam
We have been alerted to a recent increase in reports of a common text scam targeting students to trick them into giving away financial information.
- Text messages are sent to students referencing unusual activity on their account advising them to expect a call from the University’s Finance team.
- Students then receive a telephone call from a private number claiming to be from the University’s Finance team and asking them for details about their bank accounts.
- These messages have NOT been sent by the University's Finance team and you should not proceed with the call.
- Cyber criminals are clever and can be very convincing using messaging designed to look like they have come from the University to trick you into thinking they are legitimate and into revealing personal and or financial information. See advice on how to spot a scam email, text, message or call.
- Please be vigilant of suspicious emails, texts and telephone calls and NEVER give out any personal information or bank details to random callers.
- If you think a scammer has got hold of your bank details, please contact your bank straight away to make them aware and change passwords on your accounts. The sooner you report it the quicker any damage can be limited.
- Do be careful about what information you share online – especially your date of birth or any information that a bank might use to verify accounts or lost passwords. Your phone numbers, home address and pictures of your home, workplace or education setting are valuable material for scammers.
Victims of personal cyber-attacks, in whatever form, may be left feeling vulnerable, angry, or anxious and this can have a serious impact on mental wellbeing. We encourage all students to seek support in such circumstances. Get support from Student Wellbeing and/or the and/or the Student Wellbeing 24-hour helpline .
For more information about staying safe on line please visit AskHerts: Staying Safe online and cyber security
Yearbook scam
Email scam targeting students by asking them to buy a yearbook.
- The sender is appearing as registration@my-yearbook.com and the email subject as ‘Complete Your Yearbook account.’
- The email then asks you to fill in a form with personal details including your name, mobile number, personal and university email address, profile picture and the degree you have achieved.
- The form requires you to pay either a £5 or £10 fee, which the scammers then use to set up recurring payments from your account.
- If you have received this email do not click on any links in it or enter your information in the form, instead just delete the email.
Fraudulent emails, texts, calls, and messages
Using technology to protect your devices and user accounts
Reporting scams and accessing support
Fraudulent emails, texts, calls, and messages:
How to spot a scam email, text, message or call
If you suspect you have received a fraudulent email, text, or message:
- do not click on any links or attachments
- do not reply, especially be wary of an 'unsubscribe' link. If you do reply, then the spammers know that your address is valid and you will receive more spam.
- delete the email, text, or message from your inbox.
If you have inadvertently responded to a fraudulent message with your University account details, you must immediately contact the Helpdesk:
Telephone +44 (0)1707 284678 or ext 4678. (available 24/7)
Email: helpdesk@herts.ac.uk (Monday to Friday 08:00 to 17:00)
If we notice anything suspicious with your university account, we will promptly reset your password to protect your account. If you do not have Multi-factor Authentication (MFA) enabled, your account will be disabled. You will need to contact our helpdesk to reinstate your account.
Remember, you can change your password anytime by going to pss.herts.ac.uk
Quishing
- Quishing is a type of phishing attack that uses QR codes to trick people into visiting a malicious website or downloading a virus-filled document.
- Quishing works by creating fake QR codes that mimic legitimate ones. Scammers then place these codes on flyers, labels, posters, or any other public space where people can scan them. Once the user scans the code, it takes them to a counterfeit website that looks like the real thing.
- They can also be planted into emails as images or within attachments.
Email security at Herts
The University uses email security software (Mimecast) to provide you with greater protection against harmful emails and phishing attacks, keep more spam out of your inbox and help prevent data from getting into the wrong hands.
Greater protection against spam and junk email - Mimecast allows you to view and control your held messages providing both greater protection against spam and harmful emails whilst allowing you to stay in control of your email and ensure that genuine messages aren’t missed and are released to your inbox.
Incoming emails are scanned for viruses and spam to prevent harmful emails from being delivered to your University @herts.ac.uk email account. Any emails identified as potentially harmful or spam will be held and you will receive a daily email from postmaster@herts.ac.uk with the subject ‘You have new held messages’ detailing any held messages with the option to release, permit or block each held email (see image below):
- Release - delivers the held message to your inbox but will continue to hold future messages from the same sender
- Permit - delivers the held message to your inbox and marks future messages from this sender as safe
- Block – removes the message, adds the sender to your personal block list, and prevents any further emails from that address reaching your mailbox.
Please note that held messages will be deleted after 14 days if not released.
You can also log in to the Mimecast personal portal at https://go.herts.ac.uk/email-security-portal to view your held emails and release them if necessary. Login with your UH username username@herts.ac.uk and password. For more information see Mimecast's guide for managing held messages via the personal portal.
Link protection - Mimecast protects the links that you click in emails by redirecting you through their secure servers to determine if a website is harmful. So, you may notice that some web links contained in your emails could display a different url address, which is normal. For example, a link to https://bbc.com would become https://url.uk.m.mimecastprotect.com/s/munyCwEQYFk4vmzIqrex9?domain=bbc.com.
Attachment protection - Mimecast scans attachments for known threats and harmful content before it is delivered to your inbox. If someone sends you an attachment with harmful content, then the email will be blocked completely. If the sender is legitimate, but the attachment is harmful, the email will be delivered without the attachment included or sometimes you may receive a PDF attachment which is safe to view when you expected a different file format.
Undeliverable emails - if you send an email from your @herts.ac.uk email account that is undeliverable you will now receive a PostMaster email from Mimecast rather than exchange online. This is expected and you do not need to contact the Helpdesk.
If you receive notification messages from Mimecast alerting you to a blocked link, attachment or email. Please follow the instructions and if you have any questions or if you think an email has been classified as spam by mistake or if a link or attachment has been blocked in error please contact the Helpdesk on 01707 284678 or email at helpdesk@herts.ac.uk.
Using technology to protect your devices and user accounts
- Use two-step authentication on your accounts (also known as 2FA or multi-factor authentication). This is typically free when using an app.
- Use a hardware key. You will need to buy this and be aware that not all hardware keys are compatible with all services.
- This article explains more about the different authentication methods you can use and why.
It is a requirement that your Herts University login account is protected with multi-factor authentication (MFA).
Find out more about MFA on your student login account and how to manage your settings and devices
- Secure your Wi-Fi; use eduroam when on campus. Think twice before connecting to free public Wi-Fi!
- Install anti-virus/anti-spyware software and a firewall.
- Keep your computer software, web browser, and security up-to-date.
- Update your device operating system (OS)
- If you wish to access UH systems from a mobile phone or tablet, please ensure your device has the latest operating system patch installed.
- You should not attempt to connect to UH systems from a device no longer supported by its manufacturer.
- Don't use obvious passwords e.g. birthdays. See our guidance for setting up your University password.
Smart devices
‘Smart devices’ are the everyday items that connect to the internet – like speakers, security cameras, or fitness trackers. And just like your phone or laptop, if they are unprotected, smart devices can be hacked to put your data and privacy at risk.
- Protect it with a strong password
- Turn on two-factor authentication (2FA)
- Always accept automatic updates
- Perform a factory reset if returning/trading in
- Find out more: Using passwords to protect your devices & data
Online gaming
An estimated 1.2 billion of us are regularly logging on, signing up, and playing online.
- Unfortunately, whenever money or personal data is changing hands online, criminals can be watching, looking for some way to turn the situation to their advantage.
- Find out more: How to enjoy online gaming securely by following just a few simple tips
- Never use your University username, email address, or password for online gaming