Online security alerts for UK universities

In recent weeks, cyber criminals have increased their targeting of UK universities seeking to hold them to ransom. They do this by gathering information and gradually gaining access to university systems. You may have heard in the news this week that two UK universities have had to close campuses and shut down IT services due to ransomware attacks.

Cyber criminals want to discover your usernames and passwords to access IT systems. Don’t give them what they want!

If any of the following is in doubt, please contact the IT Service Desk immediately emailing servicedesk@brighton.ac.uk.

How to identify a secure website address

Please be extremely vigilant when accessing web pages, text messages, downloading software and reading your email. Remember to stop and think before clicking on links. Never enter your university username and password into a web page unless you are certain that it is a genuine University of Brighton site.

A secure University of Brighton site will have an address that starts with https:// and not just http:// And, our web addresses featuring the domain name brighton.ac.uk are followed by a single / in the address such as the following example formats:

• https://mystudies.brighton.ac.uk/
• https://my.brighton.ac.uk/
• https://sts.brighton.ac.uk/adfs…. (this is the site for signing into several university online services)

Below are examples of non-secure UoB addresses (i.e. are not University of Brighton addresses). The last part before the first single / shows you where they are really going:

Note that the first real web address is weebly.com not brighton.uni Plus the .uni part will never be used by the university so is a fake site.

Tips to keep safe using email

Here are some tips when checking emails from unexpected sources.

Check the Sender

• Role: Are they the right person to send a message like this?
• Do they work for the organization they claim to?

If NO to any of the above, don’t click the link!

Check the Content

• Does the message try to scare you or put you under pressure to act fast?
• Does it offer you something too good to be true?
• Is the spelling and grammar odd or unprofessional?
• Does it describe processes that are unfamiliar to the university?
• Is the message or request unexpected?

If YES to any of the above, don’t click the link!

Check links

When using a desktop computer, hover your cursor over links to check where they are going. The message below looks like something university staff and students might expect to see, using words like ‘IT Service Help Desk’ or ‘Service Desk’. However, resting your mouse over the link will show you that it is not taking you to a safe university site:

Top tip for mobile device users

You can touch and hold down your phone’s screen on any suspicous button or hyperlink beforee visiting the website to check the actual web address. This should work on both Android and Apple mobile devices.

Even if the link looks OK, this is no guarantee of security.

If you have any doubts, ask someone else for a second opinion, or contact the source of the email in the usual way, but not by clicking on the link.

Finally, don’t open attachments in email messages unless you are expecting them. Be particularly careful of any documents with macros.

If you are in any doubt as to whether an email is legitimate or not, please contact the Service Desk before taking any action with it.

IT Service Desk
Information Services
Tel: 01273 644 444
Email: servicedesk@brighton.ac.uk