Cybercriminals are expected to exploit the ongoing Covid-19 crisis in several different ways, which could include phishing scams and others related to increased working from home. Some of the phishing scams spotted include claims of exposure to the virus from a friend or relative, of a cure for coronavirus or financial compensation, or those that encourage you to make donations.

What to do if you are suspicious of an email

UIS has blocked many of the offending websites on the University Data Network, but if you are away from Cambridge and working from home you will not benefit from this protection and remain vulnerable if you click on a suspicious link either via a malicious website or from within an email. Please continue to be vigilant when responding to or sharing emails – particularly those that originate outside the University.

If you are in doubt or suspect an email to be malicious:

• Do not click on the email or the links within the email. Follow the guidance in our Online Cyber Security Training – all you need to know in a series of short videos. The videos on phishing and fake websites are particularly relevant, and each is shorter than 4 minutes.
  
  
• Forward the email to spam@uis.cam.ac.uk.
  
  
• Delete the email.
  
  

What to do if you clicked on something suspicious:

• Use the Raven Password Management site to change your password, but do not use the same device that you used to click on the link as this may have become infected and could detect your change of password.
  
  
• Forward the email to spam@uis.cam.ac.uk.
  
  
• Report an incident.
  
  

Further information

• UIS has published guidance on information security best practice for working from home.
  
  
• More information on how to spot a suspect email and how to stay safe online is available in the NCSC guidance on dealing with a suspicious email and UK safe online guidance.