'Phishing' campaign indicates we must be more vigilant
Monday, 02 December 2019
A recent campaign to understand how University colleagues respond to phishing emails has highlighted the need for us to do more to keep the University's computer network safe.
Earlier this month, more than four thousand colleagues were sent a phishing email from "Data Security Officer" asking them to complete a "mandatory annual cyber security training". The email came from a domain (@readinguni.co.uk) which is not the University's actual domain, did not have the name of the sender and led users to a webpage on this external domain.
Over 350 colleagues entered their details on the external webpage. If this had happened with a genuine phishing attack, the user accounts would have had to be reset and secured. However, as it was a test campaign, we were able to direct users to a training portal and everyone who completed the training showed a high level of awareness about phishing.
Cyber-attacks are continually on the rise and getting more and more sophisticated. Like many other institutions, the University is regularly targeted by both random and focused phishing and malware attacks. Any breach resulting from such attacks can be extremely costly in reputation, financial loss, lost business productivity and unavailability of IT services.
Over the past year, the IT Security Project has implemented changes to our computer network - and the machines that connect to it - to make these more secure.
Multi-factor authentication
From 10 December, changes are also being made to how colleagues access Microsoft Office applications (Outlook, Word, Excel etc.) remotely.
If you log on to the University network from your home or a location outside our campuses, you will be asked to complete Multi-Factor Authentication before you can use these applications. This would generally involve either selecting 'Approve' on a login notification on your smartphone or entering a unique code available on your phone.
You can find more information about this change in this story.
Phishing campaigns
Our phishing campaigns are being run in partnership with a specialist cyber security company, Khipu Networks.
Khipu will periodically send test phishing emails to University colleagues to understand how they respond to such emails. This will help us identify how easy or difficult colleagues find spotting a phishing email, provide relevant support and protect the University's computer infrastructure from a real phishing attack in the future.