mobile icon

  Security Threats and Alerts

Security Alert

Remember to check the Service Status page and Twitter for current security alerts.

 

Vulnerability in encrypted Wi-Fi networks –

Update your devices to stay safe!

19th October 2017

 
An academic researcher has discovered a flaw in WPA2, a standard used to secure Wi-Fi networks, which could allow an attacker to read and change information on an encrypted network (such as eduroam).
 
 
The vulnerability has been given the name KRACK, for Key Reinstallation Attacks.
 
In order to ensure that your information remains private, you may need to install software updates on your wireless devices. This is especially important for devices running Linux or Android 6.0 or newer, as these devices have been shown to be particularly vulnerable to the flaw.
 
 
 

 
 

Student Loan Scam Email

September 2017

 
There has been a rise in reports of a student loan scam email.
 
This phishing scam claims to be from the student loan provider, fraudsters are believed to be targeting victims as they prepare to start their new academic year.
 
Victims are duped into giving up personal information that is used to steal their identity and defraud them. The Student Loans Company has confirmed that the email is not genuine.
 
If you receive such a message, please delete it without clicking on any contained links or responding to the sender.
 
If you have clicked on a link in one of these messages, please contact the IS Service Desk​ immediately, so that action can be taken to secure your account.​
 

 


 

Malicious Invoice Emails

26th July 2017

 
Since the beginning of this week, there has been a marked increase in the number of malicious email messages reaching the inboxes of Edinburgh Napier University users, posing as requests to settle an invoice.
 
The sender’s address is obfuscated – the real sending address is preceded with the name and email address of somebody known to the recipient and the message is signed-off with the same name. The message itself contains a link to a website and may look similar to the following:
 
From: <Known Associate [Unrelated email address]>
Subject: Invoice number: 072454
 
Good Afternoon,
 
Thanks for the mail.
 
Please refer to this link for more detailed information about your invoice:
<Link to download malicious document>
 
If you have any further questions about this payment, please do not hesitate to contact me.
 
Respectfully Yours,
<Known Associate>
 
Clicking the link causes your web browser to download a malicious Microsoft Office document and if this file is opened, it will download and run additional malware on your device. This could result in your account being compromised, your device being infected with ransomware, etc.
 
If you receive such a message, please delete it without clicking on any contained links or responding to the sender. It is not possible to readily block the messages based on the sending addresses or malicious links, as these appear to be unique to each message.
 
If you have clicked on a link in one of these messages, please contact the IS Service Desk​ immediately, so that action can be taken to secure your account.​


Warning - Ransomware attack affecting University College London

15th June 2017

Information Services are aware of a ransomware attack which has caused disruption at University College London. As a result of the ransomware infection they have had to remove access to personal and shared network drives, although these have now been returned to service in a limited, read-only manner.
 
Due to this network drive restriction, some other UCL systems are also unavailable. Investigation of the incident is ongoing, but it is believed that the ransomware infection may have arrived at UCL via a malicious email. Although all applicable software updates had been applied and email scanning and anti-virus solutions were in place, the ransomware was still able to run and encrypt files, preventing access to the information held within them.
 
ENU staff are requested to remain vigilant, especially when dealing with emails containing links or attachments, or emails from unknown senders. If you are in any doubt as to the authenticity of an email message, please check with the sender via an alternative method, or seek advice from the IS Service Desk. Further guidance is available on the Email Security page.
 
If you think you may have accidentally:
  • Clicked on a web link in an email which resulted in unexpected or suspicious activity
  • Opened an attachment in an email which resulted in unexpected or suspicious activity
  • Are experiencing any other unexpected or suspicious activity on your PC e.g. pop-up messages
 
Please disconnect your PC from all wired and/or wireless networks and contact the IS Service Desk immediately.
 
To minimise the risk of disruption caused by a ransomware infection, please ensure that all University data is stored in an appropriate location such as the H: and S: drives or SharePoint, as these areas are backed up on a regular basis.
 
Information Services will not be able to recover any data which is stored locally e.g. on your PC C: drive or an external USB drive, in the event that it is encrypted by ransomware.

ENU Ransomware Security Risk & MyDrive service

13th May 2017 

Information Services are aware of a major security risk affecting organisations from a range of business sectors. Multiple large-scale organisations have been affected by “Ransomware” where staff or students may receive pop-up windows on their Edinburgh Napier or personally-owned devices demanding payment to Decrypt their data. An example of these pop-ups is below. As part of our response to this security risk Information Services have taken the precautionary measure of removing access to the MyDrive service (http://mydrive.napier.ac.uk).
 
We will issue further announcements of any changes as more information becomes available.
 
You can still access your data (e.g. personal ‘H’ drive) by using our Virtual Desktop Service on desktops, laptops and mobile devices. The link below will give guidance on how to access this service. If you need assistance in using this service please contact the IS Service Desk and we will be happy to help.
 
Further information about Ransomware can be found here.
 
If you receive any emails that appear as having suspicious attachments, unfamiliar web links or ask for your login information then please delete the email immediately and take no action.
If you have received any suspicious emails and:
  • Clicked any suspicious web links
  • Supplied any details
  • Or are receiving pop-ups similar to below
Then please disconnect any equipment and contact the IS Service Desk immediately by calling 0131 455 3000.
 

 
 
Further information and guidance on Email Security can be found here.
 
More information on the particular security risk is available from the UK’s National Cyber Security Centre (NCSC):
http://www.actionfraud.police.uk/news/nhs-hit-by-large-scale-cyber-attack-may17

 


 

Malicious Mobile Bill/Invoice/Delivery Note Emails

19th April 2017

​Since the beginning of last week, there has been a marked increase in the number of malicious email messages reaching the inboxes of Edinburgh Napier University users. These messages take various forms, including:
 
O2 Mobile Bill
Vodafone Mobile Bill
Invoice Notice
UPS Delivery Notice

 
The sender’s address is obfuscated – the real sending address is preceded with the name and email address of somebody known to the recipient and the message is signed-off with the same name. The subject line and body text may refer to the recipient themselves. The message itself contains a link to a website and may look similar to the following:
 
From: Known Associate [Unrelated email address]
Subject: Invoice 0000735 from Lastname, Firstname (F.Lastname@napier.ac.uk)
 
 
You have received an invoice from LASTNAME, FIRSTNAME (F.LASTNAME@napier.ac.uk) for £4,879.88. To view, print or download a JS copy of your invoice, click the link below:

<Link to download malicious JS file>

Best regards, Known Associate

 
Clicking the link causes your web browser to download a malicious JavaScript file and if this file is opened, it will download and run additional malware on your device. This could result in your account being compromised, your device being infected with ransomware, etc.

 
If you receive such a message, please delete it without clicking on any contained links or responding to the sender. It is not possible to readily block the messages based on the sending addresses or malicious links, as these appear to be unique to each message.

 
If you have clicked on a link in one of these messages, please contact the IS Service Desk​ immediately, so that action can be taken to secure your account.
 
 

Cisco WebEx Browser Extension Vulnerability

February 2017

A vulnerability in Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute code with the privileges of the affected browser on an affected system.

This vulnerability affects the browser extensions for:

  • Cisco WebEx Meetings Server
  • Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows.

If you use WebEx you should ensure that any WebEx browser plugins/addons/extensions are fully up-to-date.

Find out more...

 


Phishing attack targeting university students

 
Information Services is aware of a phishing campaign which is specifically targeting students, with the goal of stealing their personal information and bank account details.
 
The emails claim that the recipient has been awarded a grant and asks them to click on a link to provide personal and banking details. Edinburgh Napier University students must not follow the instructions in any such messages they may receive.
 
For further information about this attack, please see the ActionFraud news article at http://www.actionfraud.police.uk/news/phishing-attack-targeting-university-students-may16.
 
If you believe that you may have clicked on a link in one of these messages and provided your personal information, please contact the IS Service Desk immediately.

 

 

Fraudulent Email Warning

 
Information Services has continued to receive reports of fraudulent emails informing customers that their mailbox has been compromised or that it requires an update. These messages contain links that if clicked will compromise the security of your network account.
 
If you receive any messages of this kind, delete them from your mailbox and empty your Deleted Items folder. If you believe you have clicked on one of the links in these messages, please contact the IS Service Desk via ISServiceDesk@napier.ac.uk or ext 3000. Samples of these fraudulent messages are below.
 
Email warning 


 
 

Remember:

Although all incoming email to the University is automatically filtered to provide protection against dangerous or “spam/phishing” email you should still be extremely vigilant when clicking on links embedded within any emails.
 
You can check links within emails before clicking by hovering your mouse over them.  The URL will then pop up next to the link or at the bottom left hand corner of your screen.  If you don’t recognise the URL don’t follow the link!
 
If you receive such a message then the most effective way to deal with it is to use the “Report Junk” option in Outlook to report it directly to our incoming email filtering service. Then delete the message from your inbox and deleted items folder.
 
Information Services will never send an email asking for your password.
 

 

 


 
 
 
 
 
 
 
 
www.napier.ac.uk | Edinburgh Napier Mobile App