28 June 2017 
Matt Sisson, Projects and Membership Manager
As you may have seen or heard on the news, there has been a major new ransomware attack overnight, affecting many large companies and public organisations across the globe. Taking advantage of similar vulnerabilities to last month’s WannaCry attack, the new version is more complex, and as yet security experts haven’t found a universal ‘kill-switch’ of the kind that halted WannaCry. While university systems should be patched and protected, the new attack can spread even among patched computers across a network, once it finds a way inside, meaning universities will need to remain vigiliant. It is worth reminding all staff of the importance of not clicking on dodgy links in emails, and using desk or phone based training such as the VinciWorks phishing challenge if necessary.
In related news, we’ve been alerted that “universities are receiving calls from fraudsters who purport to be from a bank, stating that there are suspicious payments going through their bank account. The fraudsters will attempt to get university staff to divulge online banking passwords, memorable information and card and reader codes under the pretence that it will protect the bank account. However, if this information is divulged, it will enable them to make a fraudulent transaction.” Please ask your staff to be vigilant, and know that banks will never phone requesting online passwords or full memorable information.
Finally, some banks are continuing to change account details as a result of the ringfencing rules, which means that you may receive a larger than average number of bank account change requests. Please double- and triple-check all of these as usual.
