Cyber Security for every month!


We all have to keep our wits about us at all times. Indeed, if we rest on our laurels, then the scammers get their chance to pounce and do damage which can take an organisation down – possibly for weeks!

Major incidents can, and do, start from phishing attacks that give the scammers their electronic way into an organisation.

Why is phishing so dangerous?

Phishing is an example of social engineering – hacking the human – persuading you to give away information such as login details, passwords or simply other random bits of information. The bad guys then put this together with things you may have shared elsewhere (like social media), which would be harmless until combined with the information they have tricked out of you.

How can you spot a potential phishing scam?

Things are not always what they seem. It used to be easy to spot these attacks, but the bad guys have wised up and it’s quite difficult to reliably identify phishing attempts. However, there are a few things you can do to make a reasonable assessment. The bad guys want you to do something, and they will either try to tempt you with something that sounds wonderful (if it sounds too good to be true, it probably is) or tell you something awful will happen unless you take action (playing on fears or concerns, such as your email account being deleted if you don’t respond with your password, or your important delivery being sent back unless you give some information).

What do we do to prevent these getting through?

IT put in protections to prevent many of the attempts, but some will get through the defences and then we rely on all of you to batten down the hatches and tell us about the hailstorms in case they are localised.

What should you do about it if you suspect a phishing attempt?

Well, this depends on whether you have clicked on anything... but please don’t just ignore the problem – it won’t go away on its own.

  1. If you haven’t done anything more than read the message, you can simply delete it. If you wish to help us get a full picture of the nasty stuff out there, you can send a copy to help@london.edu and then delete it.

  2. If you clicked on a link but entered no information, then tell us (help@london.edu) if you can, but there should be no further problem and no further action needed.

  3. If you clicked on a link and entered information, definitely tell us (help@london.edu and infosec@london.edu) and, if you entered a password in particular, then you will need to change your password everywhere you used that password. Of course, you should have different passwords for different sites.

Locks and bolts.

Of course, having a second way of proving who you are means that a password is not the key to the kingdom. Set up two-factor or multifactor authentication wherever you have the option – it will protect you!

Spot a problem or have a concern?

If you have any questions relating to information security, please contact us at infosec@london.edu. If you wish to report a breach of personal data involving LBS, please contact databreach@london.edu as soon as you are aware.