Students are targeted by cybercriminals and especially so at certain times of the year.
- They take advantage of times when you are in a new situation or under pressure.
- They will use current news and events as 'hooks'.
- They will do whatever they can to deceive you into thinking they are legitimate and into revealing personal information.
We want you to be aware of the dangers and if anything looks suspicious STOP and REPORT.
Cybercriminals are clever and can be very convincing.
- If you do get caught out, don’t be embarrassed about telling someone.
- The sooner you report it the quicker any damage can be limited.
There are lots of digital tools available to help deter cyber criminals but using them correctly and being cyber security aware is a personal responsibility.
Here is our top 10 list of do’s and don’ts:
- Do beware the ‘freshers’ friend.
- Don’t get scammed by fake student loan emails
- Do look out for phishing in all its various disguises
- Do keep your passwords safe
- Do update the operating systems on your devices, software, and apps
- Do use anti-virus software
- Don’t rely on passwords alone: Use multi-factor authentication
- Don’t use illegitimate websites to access ‘free’ content
- Do manage your online profile
- Do be extra careful when you are under stress or time constraints that others may exploit.
And don’t forget to report and seek support if you believe you have been scammed.
This type of scam has been used against University students all over the UK.
- It uses social engineering to identify potential victims and contact them through social media channels before they arrive at University.
- Once in touch, the scammer goes to great efforts to gain their victims' trust. In reality, they are running a confidence trick – befriending people, then stealing money for fake events as well as harvesting bank account and credit card details for use in future financial frauds.
Each year scammers target new students, who arrive at University with large amounts of money in their bank accounts for their course and living expenses.
- One scam is an email claiming to come from the Student Loans Company (SLC) encouraging students to provide their password and financial details to ensure that their student loans arrive on time.
- They may use the Student Loans Company branding and resemble official communications from them.
- The SLC would never request this information from you in a direct email.
Phishing involves an attacker trying to trick you into providing sensitive account or other login information online.
It can take many different forms. Here are just a few examples:
- Vishing, which is short for "voice phishing," is when someone calls you to try to steal information. They may pretend to be a trusted friend or relative or to represent them
- In an email phishing scam, the attacker sends an email that looks legitimate, designed to trick you into entering information in reply or on a site that the hacker can use to steal or sell your data.
- An HTTPS phishing attack is carried out by sending you a link to a fake website. The site may then be used to gather any private information you enter.
- Pop-up phishing uses a pop-up about a problem with your computer’s security or some other issue to trick you into clicking. You are then directed to download a malware file, or to call a fake support centre.
- Social engineering attacks try to pressure you into revealing sensitive information by manipulating you psychologically. For example, by pretending to be a representative of your bank or the student loans company and that you need to take action urgently to protect your account or receive payment.
- Smishing is phishing through some form of a text message or SMS
What should you do if you think you have received a phishing message?
- Block it, report it, delete it.
- If you have not already done so - Do not open it and definitely do not click on any links.
Your password is the key to your digital life and privacy.
- Create passwords that are easy for you to remember but hard for others to guess
- We recommend using a passphrase, which is a sentence-like string of words used that is longer than a traditional password, easy to remember, and difficult to crack.
- Never share your passwords with anyone
- Use different passwords on different accounts
- Nobody at the University will ever ask you to reveal your password – if they do it is a scam
- Lock your computer and device screens when you step away from them
- Don’t forget to change default passwords that come with devices such as modems
If you think your password has been compromised:
- Change your password as soon as possible
- Report it to your account provider
- Be vigilant for suspicious activity or transactions
If your University password has been compromised, or you think it may have been, please contact the Library and Computing Services Helpdesk immediately:
- Telephone: +44 (0)1707 284678 (available 24/7)
- Email: email@example.com
Find out more: https://ask.herts.ac.uk/your-password
- Keep the operating systems on all your devices and software up to date. Manufacturers provide these to keep your devices as secure as possible.
- Updates will be issued if a new cyber threat is discovered
- Use antivirus software on your computers and mobile devices.
- Many free versions are available from reputable companies.
- Keep your anti-virus software up to date.
Multi-factor authentication (MFA), which requires that users authenticate with at least two factors, can reduce the risk of identity compromise by as much as 99.9 percent over passwords alone. Source: Microsoft
- MFA is required on all student accounts at the University of Hertfordshire. Find out more: https://ask.herts.ac.uk/multifactor-authentication-mfa
- Also known as two-factor authentication, MFA is available on a range of online accounts, from banking to social media. There are many different types of MFA apps available and are recommended by account providers.
- Use MFA whenever possible and make sure you know how to manage your MFA settings and methods.
Find out more: https://ask.herts.ac.uk/multifactor-authentication-mfa
There are many illegitimate websites where you can ‘freely’ stream video or music or download academic resources.
These websites are not safe and may be silently harvesting your credentials and anyone else in your household connected to the same network.
- If you are using these websites, you may be breaching copyright and licensing rules which is illegal.
- Using these websites for academic purposes may also breach the University’s academic integrity regulations.
We know that the cost of living is rising and saving money seems like a good idea, but please don’t use these websites.
- You can safely and legally search and access all the e-books and journals that the University currently subscribes to via the Online Library in StudyNet.
- If you can’t find the academic information you require, please get in touch with Library and Computing Services.
If you are struggling financially, help and advice is available:
- Contact the Student Union
- Contact Student Funding and Financial Support team: firstname.lastname@example.org or phone: +(44) 01707 284800
- University Financial Assistance Fund (UFAF)
- Social media can be a great way to connect and stay in touch with friends and family, and connect with employers, but can be pieced together and misused by cybercriminals.
- Check who you are sharing your information with and how much you are sharing
Start of the new academic year
Emails from UCAS, Student Loans Company, visa information, University communications, sorting out your accommodation, messages from Student Union, and emails from your school of study. There is a lot to do and a lot of information!
- Take the time to double-check that what you have been sent is legitimate.
- Be suspicious if you are being put under pressure to ‘take action quickly' and are being told you risk losing your place or money if you don’t.
- If a sale is too good to be true – it probably is.
- Be wary of ‘click now to get this deal’' offers
Holidays and event tickets
- Tempting vacations and cheap flights? Plenty of phishing opportunities here, unfortunately.
- Bargain event and party tickets? Are they what they seem? Who is selling them and how are you paying them?
- You may be tired, stressed, and time-poor – but don’t let your guard down when it comes to online safety.
Need to earn some extra cash?
- Don’t become a money mule
- Be wary of ‘easy money for little effort’ scams.
- You may unwittingly be acting as a money mule, allowing criminals to ‘wash’ their dirty money through your bank account.
- If you get contacted through social media, then immediately report the account for illegal activity, and hopefully, it will stop someone else from falling victim in the future. You can also report suspected criminal activity to ActionFraud.
Don't feel embarrassed about reporting a scam or attack on your data – scammers are clever, and scams can happen to anyone.
Reporting a scam helps track down and stop scammers. This prevents other people from being scammed.
- If your University login details or accounts have been compromised, or you think they may have been, contact the Helpdesk immediately. +44 (0)1707 284678 or email email@example.com
- Get advice and support from Hertfordshire Students' Union Advice and Support Centre
- If you've experienced cybercrime you can get further help and support from Victim Support.
- Report fraud at actionfraud.police.uk (National Fraud and Cyber Crime Reporting Centre)
- Citizens Advice
Victims of personal cyber-attacks, in whatever form, may be left feeling vulnerable, angry, or anxious and this can have a serious impact on mental wellbeing. We encourage all students to seek support in such circumstances. Get support from Student Wellbeing and/or the Student Wellbeing 24-hour helpline