Think before you click, be aware of phishing, and watch out for ransomware and other malware through email. Make sure you use a strong password and 2-factor authentication (where available) to protect your online accounts. Never use your Institute’s password for any other online services.
Information Security Policy
It is the responsibility of each member of staff and student to comply with the Institute's Information Security Policy. More information, including details of several underpinning policies, can be found in the ICT Policy section.
Phishing means fooling people into divulging personal information, such as account details (LYIT username & password) or bank and credit card details, or into downloading malicious software.
Phishing emails pretend to be from LYIT’s helpdesk, a work colleague, banks, online shops and other trusted organisations like Amazon. They usually try to get you to follow a link or open an attachment.
Phishing scams often ask you to take urgent action, for example to log on to a website to avoid your account being suspended or to check items purchased using your credit card. The link contained in the email will take you to a website that appears genuine but is actually a fake designed to trick you into entering personal information or downloading malicious software.
Check out the Stay Safe from Phishing and Scams video by Google Education.
Top Tips for Avoiding a Phishing or Scam Attack
Phishing emails come in many different forms. Some are easy to spot; others are much more sophisticated. However, there are some common characteristics to look out for:
- The sender’s email address may be different from the real organisation’s website address, for example they may be using a webmail address like amazon.shop.net
- A generic greeting such as “Dear customer” rather than your name
- Poor grammar and spelling
- A request for personal information such as username, password or bank details
- A sense of urgency; for example, the threat that unless you act immediately your account may be closed, or a request to help a friend out.
- Files or links that require you to download additional software to view them
- A prominent website link that is very similar to the proper address, perhaps with just a single character’s difference.
- You weren't expecting to get an email from the organisation that appears to have sent it.
- The entire text of the email may be contained within an image rather than the usual text format. The image contains an embedded link to a bogus site.
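Several of the characteristics above (sender domain, generic greeting, urgency, requests for credentials, look-alike links) can also be checked automatically. The following Python sketch is an added example, not part of the original page; the keyword lists, the trusted domain example.edu and both sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Assumed keyword lists for this example; tune them for real mail.
GENERIC_GREETINGS = ("dear customer", "dear user", "dear account holder")
URGENCY = ("immediately", "urgent", "suspended", "will be closed")
CREDENTIALS = ("password", "username", "bank details")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-identical domain names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def on_domain(host, trusted):
    return host == trusted or host.endswith("." + trusted)

def phishing_indicators(sender, body, trusted_domain):
    """Return the warning signs found in one message."""
    found, text = [], body.lower()
    sender_host = sender.rsplit("@", 1)[-1].lower()
    if not on_domain(sender_host, trusted_domain):
        found.append("sender-domain-mismatch")
    if any(g in text for g in GENERIC_GREETINGS):
        found.append("generic-greeting")
    if any(u in text for u in URGENCY):
        found.append("urgency")
    if any(c in text for c in CREDENTIALS):
        found.append("asks-for-credentials")
    labels = trusted_domain.count(".") + 1
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = (urlparse(url).hostname or "").lower()
        tail = ".".join(host.split(".")[-labels:])
        # Assumption: one or two character edits counts as a look-alike.
        if not on_domain(host, trusted_domain) and 1 <= edit_distance(tail, trusted_domain) <= 2:
            found.append("lookalike-link:" + host)
    return found

# Constructed sample messages (not real mail).
PHISH_BODY = ("Dear customer, your account will be suspended unless you act "
              "immediately. Confirm your username and password at "
              "https://login.examp1e.edu/reset")
LEGIT_BODY = "Hi Aoife, next week's library opening hours are at https://www.example.edu/library"
```

A message that triggers several indicators at once deserves closer inspection; a single hit, such as the word "password" in a genuine helpdesk email, is not proof of phishing.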
Take the "How is your phishing IQ?" quiz by SonicWall to find out how good you are at spotting a phishing email.
Ransomware is a type of malware that allows cyber criminals to lock a computer from a remote location. A demand for payment is then made in return for unlocking the computer.
Top Tips for Avoiding Ransomware
- Don't reply to, or click on links contained in, emails from companies or individuals you do not recognise
- Don't open attachments unless you’re sure the email is genuine and from a trusted source.
- Don't click on links contained in suspicious messages from social networking sites
- Backup your data regularly
- Make sure you have up-to-date anti-virus software on your computer before you go online
- Always install the latest operating system and software updates as soon as prompted
- Only visit reputable websites
- Be wary of USB devices (e.g. memory sticks, external hard drives, MP3 players) because these can be used to infect your device with malware.
Don’t get caught by social engineering scams. It’s not just email. It could be SMS, phone calls or social media.
Social engineering is the name given to the techniques used by cyber criminals to manipulate or trick people into divulging confidential information, transferring money or downloading malware.
Social engineering scams can be elaborate and highly convincing. They often impersonate organisations you trust, like your bank or the police, and use snippets of information they know about you to make the scam more realistic.
Check out the video from Get Safe Online.