Cyber Security: Phishing remains top threat at UoR

Phishing (pronounced “fishing”) is a cybercrime that involves tricking individuals into divulging sensitive information such as passwords, credit card details, or personal identification.

How big is the threat?

Phishing attacks continue to be a major concern worldwide, with a significant impact on individuals and organizations alike. In 2021, phishing attempts accounted for 83% of the total number of cyberattacks reported globally, underscoring the prominence of this threat. In 2022 this number increased to 90%. In 2023 initial reports suggest this is likely to remain as high or even be higher.

Remember: It only takes one person to click on the wrong link for our whole network to be exposed to criminal activity – don’t let that person be you!

What should I look out for?

Here are the top ten email subjects from recent spam attempts (in no particular order). As you can see, often the phisher has got information about you, your manager and your organisation to make the email seem more realistic.


  1. Urgent!
  2. HR: Staff Rewards Program
  3. IT: Important Email Upgrades
  4. Activate your DropBox account
  5. Your payment is overdue
  6. Microsoft 365: [display_name], Password has expired
  7. Amazon: Action Needed: Purchase Attempt
  8. Available? [manager_name] is trying to contact you
  9. Teams: [manager_name] invited you to join a Team
  10. Microsoft 365: [display_name], MFA Security Review is Required

Here are some commonly impersonated organisations:


  • Your own organisation *
  • Microsoft (including Teams, OneDrive, SharePoint)
  • LinkedIn
  • Google (including Google Chat and Google Docs)
  • PayPal
  • WeTransfer
  • WhatsApp
  • HSBC
  • Instagram
  • HMRC and other government departments

*Hackers pretending to be someone from your own organisation have the most success, and this has increased during 2023.

What can I do?

It’s crucial to arm yourself against phishing attacks to ensure your personal and academic information remains secure. Here are some essential steps to take:

Keep Yourself Updated: Awareness is your first line of defence. Understand the tactics used in phishing attacks and train yourself to identify suspicious emails, messages, or websites. 

Verify the Source: Before clicking on any links or sharing personal information, verify the sender’s identity. Be cautious even if an email or message appears to be from a familiar source.

Stay Cautious: Be wary of unsolicited emails, especially those requesting personal or financial information. Legitimate organizations rarely ask for sensitive data via email.

Think Before You Click: Avoid clicking on suspicious links or downloading attachments from unknown sources. Hover over links to see the actual URL before clicking.

Use Strong, Unique Passwords: Create strong passwords using a combination of letters, numbers, and symbols. Avoid using the same password for multiple accounts.

Enable Multi-Factor Authentication (MFA): Set up MFA for an extra layer of security by requiring a second form of verification, such as a code in an Authenticator app, in addition to your password. This makes it significantly harder for attackers to access your accounts.

Keep Software Updated: Regularly update your operating system and applications. Cybercriminals often exploit known vulnerabilities in outdated software.

Use Apps Anywhere to make sure you are using the most up to date version of software with the latest security patches.

Report Suspicious Activity: If you receive an email or message that seems suspicious, report it to us. Your vigilance could help protect others from falling victim to the same attack.


Further information and contact

We have a Cyber Security section on the DTS website, which also includes information about spotting phishing attempts. 

For more general information about keeping yourself safe online, have a look at the National Cyber Security Centre website.

If you have any questions or need any advice, please contact the IT Service Desk.

LapSafe: a new laptop loan service for students

Digital Technology Services (DTS) are pleased to announce the introduction of a laptop loan service for students, known as LapSafe.

Addressing the issue: Digital Poverty

A student survey from Reading’s Student Union in 2021 highlighted that 70% of students thought that their laptop/computer had negatively impacted on their learning, with 13% of those students stating they had no regular access to computers at all.

A suitable computer is necessary to access learning material in Blackboard, to access core teaching software, to participate in blended learning, and to enable students to study flexibly on campus, in halls of residence, in the library, study spaces, lecture theatres, seminar rooms and even from home.

“Digital poverty has created inequalities in the learning experience and ultimately the learning outcomes of some of our students which must be addressed to ensure they have equal opportunities to succeed.”

Our aim is to provide an easy to access, centrally located laptop loan service to give all students access to a consistent and reliable device to positively contribute to their learning.

What is LapSafe?

Using a grant from the Office for Students, we have purchased 100 laptops for short term loans to students. We have also purchased 96 lockers, which are specifically designed for this type of laptop loan service. Laptops can be loaned and returned 24×7 (or at least while the Library is open) using these lockers.

We are calling this loan service “LapSafe”, after the lockers.


The LapSafe lockers are self service lockers (similar to Amazon or Evri lockers).  Each locker contains a laptop which is fully charged and ready to be used.

Students use their student Campus Card to log in to the console screen and then follow instructions to request or return a loan.

How to borrow a laptop from the LapSafe lockers

There is a bank of “hot desks” set up in the Library that the loan laptops can be plugged into. There is no restriction on where you can use a loan laptop. The LapSafe laptop can be taken out of the Library to a lecture or Halls, or off campus if needed.

Frequently Asked Questions

Who can use them?

Any student with a valid UoR Campus Card. You will need a student Campus Card to be able to take out a loan laptop. This is in addition to the hardship or disability laptop loans.

Staff who need to borrow a laptop should contact DTS.

How long are they loaned for?

Laptops are loaned on a first come, first served basis, and can be loaned for up to 8 hours at a time (or until the battery runs out). If you need it for longer, return and borrow a new one.

One laptop is allowed per student card.

What is the spec of the devices?

We’ve chosen a higher spec Windows 10 device which all current curriculum software will run on. All devices are Microsoft Surface Pro 7 (i7/16GB/256GB) laptops, with a Type Cover keyboard.

Where are they?

Lockers can be found in Whiteknights Library – on the first, second and third floors. By having them in the Library, students can take advantage of the IT Service Desk counter located on the first floor if they have any issues.

When are they available?

The lockers are available now!

There will be a marketing campaign aimed at students and full launch in October. In the meantime, we hope that students will make use of the laptop loan service during the summer so we can iron out any issues before the beginning of the new academic year.

What is in the future?

We’ll monitor how the lockers in the Library are used, which will give us an indication of how we can best utilise them. We are considering:

  • A longer loan period (which will need us to supply chargers)
  • Incorporating the laptop loan app into the student app, so you can reserve a laptop for collection without having to go to the Library
  • Situating lockers in other parts of the University (e.g. London Road, Earley Gate)

Plus anything else that comes up once the lockers are in use.

Further information

You can find full instructions (as well as the terms and conditions) on our dedicated webpage.

Information specifically aimed at students is on this Essentials webpage.

If you have any questions or need any further information, please contact DTS.

VPN upgrade Tuesday 27th June 1300-1700

This has been completed

When: Tuesday 27 June, 1pm to 5pm
Where: VPN connections
Who is affected: Anyone using VPN to remote into UoR services between 1pm and 5pm during the change window.

On the afternoon of Tuesday 27th June, DTS (with support from the supplier) will be carrying out essential maintenance to our VPN service. VPN will be considered “at risk” between 1pm and 5pm on 27th June.

This means that there may be short interruptions to the service during this time. You may lose your connection or be unable to connect during the change window.

What do I need to do?

Without VPN, you will not be able to access collab file shares, certain business systems, remote desktop, and some research systems.

You do not need VPN to access your email, Office 365 (Word, Excel etc.), Teams, and OneDrive.

You do not need VPN if you are on campus and connected to the wired network.

Will I notice any difference due to this work?

After the upgrade, you may notice a change in branding from Pulse to Ivanti if you connect via a browser. The connection address will remain unchanged, uorvpn.reading.ac.uk. The desktop client will still be “Pulse Secure”.


Further information and help

This change is being carried out under change reference: C-2306-491

For updates, please check the IT Status Hub.

If you need to speak to us about this change or would like advice please raise a ticket with the IT Service Desk or email dts@reading.ac.uk

Emails: Advice for senders

How to stop your email being sent to the Junk Email folder or reported to us as phishing

If you receive an email that you are worried about, DTS are always happy to take a look and advise. Often these turn out to be legitimate emails which have raised red flags with the recipient as a potential phishing attempt. We also see people reporting missing emails, as the emails are being diverted to email Junk folders or sent to Microsoft Quarantine because they have been flagged as spam. 

Here we look at a few ways you can make sure emails you send avoid being deleted, quarantined or marked as spam or junk. 

Following these tips will help friends and colleagues determine whether your email is genuine. 

What can I do?

Help emails reach their intended recipient by following these tips: 

  • Proofread your emails and check grammar
  • Have a coherent and relevant subject line:
    • Don’t use CAPITALS, emojis 😀 or exclamation marks !!!!! in the subject line
    • Single word subject lines such as Urgent! or Information? are more likely to get sent to junk.
    • Avoid spam filter trigger words in the subject line e.g. Urgent!, Limited Time!, Available?
  • Don’t send the email content as a picture which may get blocked
  • Limit the number of colours and fonts you use, which also helps with Digital Accessibility. 
  • Address the email to the person you are emailing, e.g. Hi John
    • If you are bulk emailing, consider using mail merge to address people separately
  • If you have a link in an email, particularly to personal details, provide an alternative route to that information. For example, a link might say “Access your staff account”. If you add “or go to the Staff Portal and click the link to the Staff Self Service”, you are giving people an option of finding their own way without relying on the link.

Emails from or on behalf of the University occasionally get trapped by the Microsoft spam filter. If you are sending emails, here is some additional guidance.

  • Sign off from a named person, rather than a department or team. This gives people a point of contact and someone they can look up on the staff directory.
  • Add your University email signature to the end of the email
  • Use the correct language and spelling for University terms; see the UoR House style guide
  • Send from an @reading.ac.uk email address where possible.

If an email will come from an external email address (for example a third party who are providing a service), make sure you check that what they are sending also follows this guidance.

You should pay particular attention to your email content if you are sending an email out to many people at once (which may look like spam), or if you want people to click a link (which may look like phishing).

Why does it matter?

Apart from the obvious that you want people to read your emails…

If people report University of Reading emails as spam to Microsoft, then all emails from @reading.ac.uk will start to be scrutinised and potentially held in quarantine. The same is true from a personal email address.

Further reading

We have a Cyber Security section on the DTS website, which also includes information about spotting phishing attempts.

Also check our Digital Accessibility Resources, which can help further with content and displaying images.

Contact

If you have any queries or require any advice, please contact the IT Service Desk.

Eduroam (Wi-Fi) maintenance schedule 24/01/23

Tuesday 24th January – Whiteknights/London Road

What is happening?

DTS are doing some work on the Eduroam Wi-Fi service between the hours of 1900 and 2200 on Tuesday 24th January. During this time there may be some interruptions in the Wi-Fi signal whilst changes are carried out.

Where: Whiteknights/London Road
When: 1900 to 2200 – see schedule of works
Who is affected: Everyone (staff and students)

This work forms part of the ongoing upgrade and improvement to Wi-Fi availability on campus.

Schedule of works

Please note timings are for information only and are subject to change. 

Testing will take place at 7pm in the Mathematics/DTS building. The Library will be last at approx. 8.15pm. London Road will start at 8.15pm and should complete by 9pm.

  • 1900-1930: Mathematics & DTS (testing), JJ Thomson, Philip Lyle, Minghella Studios, Sports Park, Hopkins
  • 1930-2000: Polly Vacher, Allen Lab, Wager, ICMA, Russell, Student Union, Carrington, Chemistry, Health & Life Sciences, Henley Business School (Whiteknights)
  • 2000-2030: Meteorology, Palmer, Miller, Agriculture, Mathematics & DTS, Park House, Cedar Hotel, Archway Lodge, Harry Pitt, Whiteknights House, Estates, Foxhill House, Edith Morley, Library

Contact

If you have any questions or need any advice, please contact the IT Service Desk

Microsoft to Disable Legacy Email Protocols 01-10-22

What is happening?

Microsoft are making a mandated change on the 1st of October 2022 and will be retiring Basic Authentication for legacy protocols in Exchange Online.

About email and authentication

When you send an email from your reading.ac.uk or student.reading.ac.uk account, the email contains additional information which advises our Microsoft Exchange email server that you are authorised to send email from that email programme and email account. If you are sending email from an unsupported programme or account, you will get an error message.

The majority of apps, services and websites use Multi-Factor Authentication (MFA), i.e. as well as username and password you need to set up an additional check when logging in, whether via an app or by entering a code sent by email, phone call or text message.

There are some legacy programmes which use Basic Authentication, i.e. username and password only. Support for this is being removed by Microsoft in their Exchange email server on 1st October 2022.

What does this mean for me?

If you are using an email programme with only Basic Authentication, you will not be able to send emails from 1st October and beyond.

Who is affected?

This affects people who are using either an old or nonstandard email app, e.g.

  • If you use older Outlook email programmes, i.e. Outlook 2010 or Outlook 2013
  • If you are on a mobile device and using a non-native email app
  • If you use Thunderbird or Spark as your email client (mainly Mac users)
  • If you manually configured your email client, i.e. you put in your own information when you added your profile, which is now not recommended.

Who is not affected?

You will not be affected if your Microsoft Office is up to date i.e. you use Outlook 2016 or Microsoft 365, you use the built in email client on your mobile (e.g. Microsoft Outlook App), or you use email on the web.

How can I tell?

A simple way to tell if you are affected is how you log in to get your email.

Basic authentication only requires a username (email address) and password, as shown in this screenshot:

Screen capture showing email and password

This is an example of a modern authentication request – it requires additional approval beyond username and password.

Image showing modern authentication method

What do I need to do?

There are several ways to mitigate this by either changing or upgrading your email programme, which are summarised below:

  • All users: Use webmail/Outlook on the web instead. You can access your University email account at https://outlook.office365.com/mail/
  • All users: Change your email programme to Outlook (2016 or 365) or another email client which uses modern authentication such as Gmail. Note that all staff and students are eligible to download Outlook 365 via Microsoft 365 Apps, following these instructions: KI 0202
  • Outlook 2013 users: Remove and re-add your account choosing “Microsoft 365” as the account type.
  • Mobile users: Change or upgrade your email programme to the Microsoft Outlook app.
  • Mac users: Update iOS to current version and reinstall the Apple Mail application
  • Thunderbird users: update to latest version of Thunderbird following these instructions: KI 1209
  • “Other” mail clients: Remove and add back your account, choosing ‘Microsoft 365’ as the account type

For the technically minded, the full table:

Each legacy protocol is listed with its description, what uses it, and the solution.

Exchange ActiveSync & AutoDiscover

  • Description: Used to connect mailboxes to Exchange Online
  • What uses it: Windows Mail; Calendar; email clients on mobile devices; Mac OS
  • Solution: Use webmail/Outlook online; use Outlook 2016 or Office 365 or Outlook for mobile; update iOS to current version and reinstall Apple Mail

IMAP

  • Description: Allows access to email without downloading it to the device. Email is read directly from the email service
  • What uses it: Email clients such as Thunderbird and Spark; Outlook and Apple Mail when manually configured
  • Solution: Use webmail/Outlook online; use Outlook 2016 or Office 365 or Outlook for mobile; update to current Thunderbird app; update iOS to current version and reinstall Apple Mail

MAPI Over HTTP

  • Description: Primary mailbox access protocol used by Outlook 2010 SP2 and later
  • What uses it: Outlook 2010 and newer email clients on mobile devices
  • Solution: Use Outlook 2016 or Office 365 or Outlook for mobile

SMTP Authentication

  • Description: TCP/IP protocol used to send/forward email; it cannot receive messages
  • What uses it: Email clients such as Thunderbird and Spark; Outlook and Apple Mail when manually configured
  • Solution: Update Thunderbird; remove and add back account choosing ‘Microsoft 365’ as the account type

“Other Clients” (Linux mail clients, custom mail clients, etc)

  • Description: Any other protocols identified as utilizing legacy authentication
  • Solution: Application should be up-to-date and added using modern authentication protocol such as ‘Microsoft Exchange’ or ‘Microsoft 365’ option

What happens if I don’t do anything?

If you don’t do anything, you will not be able to send any emails using your current method from 1st October. As this is mandated by Microsoft, DTS have no ability to grant an extension.

Further information:

This change is examined in further detail in this Microsoft article: Deprecation of basic authentication exchange online

What version of Outlook do I have? You can usually find the Outlook product version by selecting Help > About while in Outlook. Also see this article by Microsoft.

Creating a new Outlook profile to restore default settings: KI 1813 How to create a new profile in Outlook 2016 (Windows 10) 

Contact:

If you want any advice or have any issues, please raise a ticket with the IT Service Desk.

Network Downtime impacting internet service and VPN, University websites and ESS – 06/09/22 between 1800-2200

DTS will be performing maintenance on the core network infrastructure on Tuesday 6th September between 1800-2200.

What is happening?

DTS are making improvements to the core network infrastructure on Whiteknights campus. This requires some downtime as we carry out this important work, which will affect both wired (network) and wireless (Wi-Fi) connections.

When:

This work will take place between 1800-2200 on Tuesday 6 September

This time has been agreed to cause the least disruption.

Location: University of Reading Campuses (excluding Malaysia)

Who is affected?

Staff, students, visitors.

There will be no internet service during this change; this means that for Whiteknights, London Road and Cedar Farm, any devices connected to a campus network connection, the University’s Wi-Fi (Eduroam), and Teams telephones will not be able to connect to the internet.

If you are off campus or Greenlands campus, access to the VPN, University Websites, and corporate applications such as the Employee Self Service will be unavailable.

Further information and help

This change is being carried out under change reference: C-2208-279

If you need to speak to us about this change or would like advice please raise a ticket with the IT Service Desk, https://uor.topdesk.net/ or email dts@reading.ac.uk

Where do I get software from?

At the University of Reading, we provide free access to commercial level software including Microsoft Office 365 (Teams, Word, Excel), plus academic software such as MATLAB, NVivo, SPSS etc.

These are available to access in three different ways, depending on the type of software you require. In this article we will talk about the places to get software from, and provide links to detailed Knowledge Item articles with instructions on how to use them.

1. Microsoft 365: Office.com

Staff and students

All the main Office applications are available to download for free from your Office 365 home page, for up to 5 devices (note that for staff one of these is your work computer).

Instructions: How to get Office 365

Find out what is included: https://www.reading.ac.uk/digital-technology-services/service-catalogue/office-365

2. Curriculum applications: AppsAnywhere

Staff and students

AppsAnywhere is our most widely used system for accessing applications. This service allows you to launch over 180 different apps. AppsAnywhere can be used with both University-owned computers and your own personal devices.

You can launch AppsAnywhere by clicking this link: https://appsanywhere.reading.ac.uk/

For staff, to request software on AppsAnywhere, please follow this form: Request Software for Labs

Find out more about Apps Anywhere: https://www.reading.ac.uk/digital-technology-services/apps-anywhere

3. General Applications: Software Center (SCCM) or Company Portal

Staff only

We use the Software Center or Company Portal to distribute a few applications which cannot go on Apps Anywhere because of the way they are licenced or need to be installed.

Whether you have the Software Center or Company Portal will depend on when your device was purchased and set up for the University. Some software, such as YuJa Learning Capture, is available on both Software Center and Company Portal.

Software Center

Software Center is an application installed on most older University Staff computers (pre 2021) and allows you to install certain applications that are unable to run via AppsAnywhere.

We have a knowledge article that explains how to access software via the Software Center: Installing applications from the Software Center (University staff PC)

If you have a newer device, delivered after March/April 2021, you’ll need to head to the Company Portal:

Company Portal

Company Portal is an application installed on most newer University Staff computers (anything purchased after March/April 2021) which allows you to install applications that are unable to run via AppsAnywhere.

We have a knowledge article that explains how to access software via the Company Portal: Install Software from Company Portal on an Autopiloted device

What if I need software that’s not available on any of these systems?

If you need software that you cannot find on any of these systems, please take a look at this form, which will help you to log a ticket to get access to software that is not available. Install/use New Software (desktop/laptop installed)

For some software there may be a different process to have it installed, depending on the licencing of the software, complexity of the software and/or the number of people that will be using the software. However, by logging your request via this route, DTS will be able to guide you through the process.

Important: Please do not install any software you are not sure about. By using the authorised software delivery services on this page, you will get an up to date, supported version of the software you need.

Need more help?

As always, if you require any further assistance, please get in touch with the DTS Service Desk who will be glad to help guide you.

World Password Day May 5th – Update your password!

World Password Day takes place on Thursday May 5. It was set up in 2013 as a day set aside for people to update and strengthen their passwords.

The average person has over 100 different passwords for various apps, websites, and online services. In practice most of us re-use the same handful of passwords, and ignore prompts to “update your password” until we are forced to do something. Unfortunately, there are an increasing number of people who will take advantage of this. 

What is the risk?

Password protection is one of the most important things you can do to safeguard your personal, professional, and sensitive data. Without a strong password, you risk:

  • Giving hackers easy access to your most sensitive accounts
  • Breaches to multiple accounts that share the same or similar passwords
  • Attacks by keystroke loggers who steal common login credentials
  • Loss of data through shared (and easily stolen) passwords

How do I make my passwords stronger?

Strong and secure passwords are crucial, especially now that most of our work is done online. Even if you have strong passwords, they need changing regularly as they may have been exposed in a data breach. The strongest passwords are:

  • At least 12 characters long
  • A mix of uppercase and lowercase letters, numbers and special symbols
  • Not based on your username or other personal information
  • Unique to each account

Our Password page has some more guidance for creating a stronger password.

Further information and reading

As well as the Password page, DTS have several pages dedicated to Cyber Security, https://www.reading.ac.uk/digital-technology-services/cyber-security

For more general information about keeping yourself safe online, have a look at the National Cyber Security Centre website.

Interruption to Student Email Service

This has now been resolved for all students.


We are happy to confirm that on Friday (02/08/19) evening we were able to fix the issue affecting the student e-mail service. There appears to be an issue with UoR Malaysia students experiencing a similar difficulty which we are currently investigating.

Please be aware that any messages that were bounced back will need to be resent.

We will be having a meeting on Wednesday 7th to review the incident.


We are currently experiencing an interruption to our student email service.

E-mails sent to affected student accounts will bounce back to the sender, and will need to be re-sent once service has been restored.

Apologies for any inconvenience caused – we are working to resolve this as quickly as possible. Our status page has been updated, and will be kept up to date with progress.