There’s a lot we can all learn about being cyber aware, but with a few key tips and guidance, we’re here to cover the basics.
This page details some of the most important things to know about staying safe within the digital environment – and you can take a look at our other cyber pages if you need more information.
Scams can come in many forms. We often warn against the threat of phishing emails, but it’s worth remembering that scammers also use other channels, like phone calls or webpages, in an attempt to trick their target. A scammer will often use personal details and appear trustworthy, and sometimes speak with a tone of urgency, in order to get someone to believe them.
Take a look at our cybersecurity awareness films for some examples of how scammers might trick someone.
It’s easy to think that if someone already knows your name, date of birth or your bank sort code, they must be legitimate. This isn’t always the case. Often these details are easy to obtain, and a way that scammers can gain your trust. Below is a list of details a scammer could obtain, whether it be through social media or via an online form:
- Name
- Address
- Date of birth
- Mother’s maiden name
- First 4-6 digits of a credit card
- Bank sort code
- University course or halls of residence
It is worth remembering this; just because someone quotes these details, this is not evidence of their legitimacy.
Visit our section on the University and cyber safety where we explain the ways we will never communicate with you.
Scammers come in many shapes and forms, from individual criminals to large, almost corporate operations. Because of this, it’s harder to generalise and say a scammer will act or appear in a certain way.
However, a common tactic a scammer might use is applying pressure, or a sense of urgency. If you’re on the phone, or receive an email from someone claiming to be from a trusted organisation and they are being pushy, don’t feel obliged to give them any information. There is no harm is taking a step back, and double-checking things if you need to.
If you’re on the phone, don’t be afraid to hang up, and follow up with the organisation via email or a trusted number to verify the call. No one has the right to pressure you into giving your personal details.
- Practice caution: if something doesn’t look quite right, don’t be afraid to double check it or ask for support. Don’t give out your details unless you have verified the organisation who needs them, and why
- Report anything unusual: When you suspect something isn’t quite right, report it to the IT Service Desk; you can email us, call or visit us in person. See our phishing page for more details
- Always use strong passwords, and don’t share them with anyone else: Visit our passwords page for more details
- Make sure your software is up to date: Updating your devices helps to protect against software vulnerabilities, which scammers can take advantage of. When your device prompts you to accept an update, make the time to do this. On your personal devices, ensure you have antivirus software installed
- Keep your working environment secure: As well as using antivirus software, make sure you don’t leave your devices alone and unlocked in spaces where others could access them
- Do account health checks: This could mean taking a look at your sign in history regularly (a lot of online services offer this information), check which devices you have registered for multi-factor authentication (and if any of them are unfamiliar), and check for mailbox rules you don't recognise.
- Ask for support if you need it: contact our service desk on itservicedesk@rhul.ac.uk.
Scams are becoming more and more convincing, and criminals are finding better ways to access the information they want. There are things we can all do to act against cyber crime, but if something does happen, there is no need to embarrassed or feel singled out, as it really can happen to anyone – the most important thing is to report it.
At Royal Holloway, we want to ensure that everyone is protected from fraud and identity theft for both their personal and work accounts. These 10 steps will help you keep your accounts and devices safe.
-
Always question the source of an email. If it is marked as external [EXT] or is not from the domain you are expecting (e.g. rhul.ac.uk) then assume this is a scam email.
-
Never trust phone calls asking for financial information. Students have been receiving fake phone calls claiming to be from banks, police or University finance. If in doubt, always call back to the University switchboard on 01784 443888.
-
If an offer is too good to be true, it probably is. Unfortunately, University accounts may be compromised from time to time. Scammers can use these accounts to offer people jobs, incentives, free things or bargain sales. Always attempt to check in person before handing over any details.
-
Be careful what you share. It is great to come to university and join social groups on platforms like WhatsApp, tell your new friends where you live, and what course you are on. Be aware that sometimes people will use information picked up on social media to try and prove they are from the University when they are not.
-
Always check the website address is what you would expect it to be. Many scams will try to take you to fake Microsoft login pages to capture your account details. If it does not end in Microsoft.com, Microsoftonline.com or live.com, do not log in.
-
Please report any suspicious emails to the IT Services Desk. If you are not sure if the email is legitimate or not, the Cyber Security team will check this for you. You can attach the content of these emails to the report by going to the ‘file’ tab in Outlook and then selecting the option ‘save as copy’ (*.msg).
-
Ensure that your computer, phone and other devices are always running the latest software and security patches. If possible, set your devices to automatically update.
-
Do not install phone apps from anything other than the official Android Play or Apple App Store.
-
Never share your password with anyone or leave it where it could be seen by anyone else, such as a note in your room or on a USB stick.
-
Back up your work. Scams are not the only way you might have a bad day. If all your work is in one place such as your home computer or a USB stick, then you could lose it if one of these are lost or broken. Use your University OneDrive to help protect your work.
Ultimately, we want you to enjoy both the social and the learning part of your life at Royal Holloway. Don’t let the worry of fraud or cyber crime hold you back; be aware of the ways people may try to scam you and make sure you are one step ahead of them.