August and September are two of the School’s busiest months.
We are all working ‘round the clock to prepare for a new academic year. This means registering new students, supporting returning students, and onboarding new staff. Academic staff are organising their departments, professional services are getting ready both on campus and online.
Hackers know we are vulnerable now – and they want to take advantage.
Hackers are increasing the number of and severity of phishing attacks between now and Michaelmas Term 2022.
Don’t sink the LSE! 90% of cyber-attacks start from a phishing link.
If your LSE account is compromised, stolen credentials, coupled with their other hacking tools, could enable a hacker to disrupt or even freeze all LSE operations! This could have serious ramifications for a successful start to the new academic year. A ransomware attack could destroy research data or delete HR and financial information. This includes stealing personally identifiable information about you and your colleagues.
What can you do?
1. Think before click!
The right phish at the wrong time will catch anyone.
But you can be safe if you recognise the warning signs of social engineering:
- Does the email make you feel anxious, confused, curious, ashamed? Does it have a sense of urgency?
- Does it ask you for a favour? Is it trying to flatter you, asking for your confidence and discretion?
- Is it offering a prize or money? It’s probably too good to be true!
- Hackers have been known to impersonate your email address – this is called “spoofing” – to scare you.
- They also pretend to be someone more senior than you – this is called “whaling”
- Any email with a link or attachment asking for your login credentials should be treated with extra caution. LSE will never ask you for your password
Be sceptical! And extra careful – phishing might catch you off-guard when checking emails on your mobile device.
Even if you know it’s phishing, someone else at LSE might not. It’s always good to report!
Send us the suspicious email as an attachment so we can investigate further. We can block malicious senders and remove phishing emails from other LSE inboxes
3. Be a Cyber Security Champion
Not tech savvy? Think again! Social engineering isn’t very technical, but it’s the number one powerful threat that we need your help to defend against!
- Talk to your colleagues and course mates! User awareness is our first layer of defence against cyber criminals. Building a positive culture of cyber security awareness at LSE needs everyone actively involved.
- Visit our LSE webpage to learn more tips & tricks to protect your account and data
- Take our Cyber Security Awareness course! It’s available on Moodle and an annual requirement for all staff to complete
We want LSE to be the safest place to study, work, and research. You can make that happen by becoming a Cyber Security Champion for your department or division.
Contact us at dts.cyber.security.and.risk@lse.ac.uk if you’d like to learn more. We will also start recruiting and training new Champions this Michaelmas Term, so stay tuned!
Image description:A boat representing LSE is crossing a sea of phish! Michaelmas Term 2022 is the island we're quickly approaching Image text:Warning: there's a lot of phish attacking LSE this summer. Smelly phish to beware of: Click here to change your password!Your account storage is full!A document has been shared with youCongrats! You’ve won a prizeVisit our Phish Bowl for more examples. Hackers want YOU to reel in a phish. Think before click!