Security advice from Information Services
Published: 10 February 2020
A reminder to be wary of scam calls and fake emails - phishing.
Information Services reminds you to be wary of scam phone calls and fake emails designed to trick you into revealing your password, or other confidential information. This is known as “phishing”.
Scam phone calls
Scam callers often pretend to be some form of support service like the "IT Helpdesk" or some IT provider organisation or utility. They may imply a sense of urgency and may demand you take some action on your computer to avoid negative consequences such as imminent disconnection. In some cases, the call may involve a recorded message. (Note – the University does not call you using a recorded message).
If in any doubt of the identity of a caller, please hang up and call the real organisation back on the number listed on its official website.
The scammers could steal your access to University data, your personal details and in some cases, your money. Scam emails often look genuine and may have sender details constructed to look like the message was sent by an organisation or person you'd expect to receive correspondence from e.g. a senior member of the University, College or School.
In many cases, the email tells you to click on a link taking you to a plausible-looking but fake website, where you are then asked to enter your password or other details. Another current theme involves fake emails making contact prior to a plea for help, asking for money, or equivalently, the purchase of online gift cards. In some cases, the message may even appear to be a reply to existing correspondence including the subject line.
If in doubt whether an email is genuine, please contact the IT Helpdesk.
Some easy steps to protect yourself
Treat EVERY unsolicited or unexpected email with suspicion, even if it looks like it came from someone you trust.
Don’t click on links, buttons, or open attachments in unexpected email.
If a link in an email takes you to a log-in page, even if it looks similar to a page you normally use, DO NOT LOG IN. Instead use ANY one of these safe methods:
- Go to MyGlasgow and find the real log-in page from there
- Use a desktop icon: every standard staff desktop PC or student cluster computer has a link to MyGlasgow on the desktop
- Use a bookmark you saved earlier
- Carefully type the URL address by hand.
Always err on the side of caution. If in doubt whether an email is genuine, please contact the IT Helpdesk. For phone calls, if in any doubt of the identity of a caller, please hang up and call the real organisation back on the number listed on its official website.
If you might have entered your password after clicking a link in a suspect email, you MUST change your password immediately. To change your GUID password, use the "Change or reset password" link on the MyGlasgow Student/Staff homepage (just below the login link). You can get to this page from the footer of any University web page.
To learn more about how to keep your data safe, how to avoid phishing attacks, scams and the other threats we all face, the UofG Information Security online course is available and is mandatory for all staff. To access the course, log in to the MyGlasgow Staff Portal and follow the “Information Security Awareness” link in the box at the top.
First published: 10 February 2020