Welcome to the University's Information Security Pages
Here are some of the known serious security risks:
This is not new, but to we are bringing this to everyone's attention a further time in view of the seriousness of the threat.
There are two distinct threats with communal log-ins (where groups share the same log-in details; or administrators share their credentials freely; or lecture room computers have communal log-ins and are used by staff for general work):
- the installation of malware on the shared devices, due to lax security policies;
- a lack of accountability for the users of the devices, who might be engaging in prohibited or illegal activity with impunity.
The first is not limited to open access machines, though the problem is exacerbated there; the second is probably widespread due to the common use of project accounts, group accounts, and course accounts.
An 'Information Pack' gives best practice advice and tools.
A particularly convincing phishing email is doing the rounds. This targeted phishing attack has recently been sent out to a small number of Oxford users. The mails in question accurately replicate the University webauth pages (below), and purport to come from
firstname.lastname@example.org, with a subject of "
Reactivate library account":
Always check the URL before you enter your password - in this case, you see what you expect to see
webauth.ox.ac.uk but also a suffix which should not be there:
- You receive a fake email pretending to come from your bank or your email provider, saying there is a problem and asking you to send details about your account in reply (e.g. username and password). Never reply to these emails.
- A website looks like your standard bank log-in screen, but it is actually an impostor and is intended solely to collect your information (e.g. username and password).
- An email claims you have won a raffle/Ebay item/lottery/fortune but they need your account details to send the winnings.
- An email claims that an overseas fortune can be 'laundered' through your bank account and you can keep a share for your help.
How secure is your data? Are you at risk of identity theft? Do you know how best to protect yourself, your personal data and the University? Information security is not just about locking systems down, it is about making informed decisions and providing all members of the University with the tools needed to carry out their work efficiently and securely. This website from the InfoSec team provides information and resources to help you. (See also Website image credits).