Cyber Security Awareness
Free, fun and interactive activities online, to help keep you, your data and your devices safe from cybercrime.
Come and play
This year the Cyber Security Awareness (CSA) Team brings you new and improved version of a game developed by UWE Bristol students - Frank's Café!
Come to the event to try out the latest version of this game, as well as learn how to stay safe online and grab your freebies.
Keep scrolling to find out more about how you can take part, play the online game infiltrators (from CSA 2021) and see how much you already know about phishing.
Expect to be targeted
Don't ever say "it won't happen to me". Everyone is a potential victim of cyber criminals.
Beware!
- Never share your password with anyone.
- A good password will be strong, unique, and stored in a password manager.
- Be wary of implied sense of urgency or deadlines.
- If it sounds too good to be true, it probably is. Trust your gut!
Play infiltrators
Can you infiltrate different organisations and find the vulnerabilities to steal their data, without getting caught by the security guards?
Play now
Phishing
Phishing is an attempt to steal your personal information via email, SMS or a phone call.
How to spot phishing
- Check the sender’s address – were you expecting the email?
- Be aware of basic grammar, spelling errors and always hover over a link before clicking.
- Be wary of all unknown phone numbers and verify where the text or call came from.
- Look out for aggressive extortion tactics.
Anyone can fall for phishing – report it to reduce any potential harm caused.
If in doubt – call it out!
Social Engineering
Social engineering uses psychological manipulation to trick you into making security mistakes or giving away sensitive information.
Common tactics
- Sense of urgency or deadlines given.
- Triggering emotions, both positive and negative.
- An offer that feels too good to be true.
- Impersonating your bank, ISP, phone company, Amazon etc. or someone you know.
Your public information, such as on social media, is used to make communications appear more convincing.
Review your privacy settings and think about what you post.
Vishing
Vishing or Voice Phishing is a type of fraudulent activity where criminals attempt to persuade victims to hand over personal details or transfer money over the phone.
Never give personal information (such as passwords, banking details, or credit card details) over the phone to someone who has called you.
If you do receive such a call or you are in any doubt about the authenticity of the call, simply hang up. You can always phone the organisation back using a number from a verified source.
How to spot Vishing
Information: The criminals might not be very convincing and may know nothing about you. Alternatively, they could already have some information on you such as your name, address or phone number, but need a little bit more. This can create the impression that they seem very genuine.
Urgency: If you receive a call you will inevitably find that you will be hurried into providing them with the information that they need. They will do this to panic individuals in the hope you hand over your information without being able to think it through too much. Fear often leads people into acting without thinking.
Phone spoofing: This is when a phone number appears to be coming from a genuine source (for example, your bank or credit card company). This is a technique used by cybercriminals to hide their identity.
Remember, if you are in any doubt simply hang up and contact the organisation using a number from a verified source.
SMiShing
SMiShing or SMS Phishing is where text messages are sent trying to encourage people to pay money out or click on suspicious links.
Sometimes attackers will try to get victims on the phone by sending a text message asking them to call a specific number, to persuade them further.
How to spot SMiShing
Unsolicited text messages from unknown numbers should raise alarm bells. If you are in any doubt:
- delete the message
- contact the organisation using details from an alternative verified source (for example, the company website).
Can you spot when you're being phished?
Identifying phishing can be harder than you think. Phishing is an attempt to trick you into giving up your personal information by pretending to be someone you know. Can you tell what's fake?
Take the quizSecure passwords
Make passwords difficult to guess by:
- using a unique password for every account
- using the three random words technique
- never share your password with anyone for any reason
- using a password manager to store and suggest passwords
- using a minimum of 12 characters in length - always remember, longer is stronger.
Use three random words
A good way to create a strong and memorable password is to use three random words, for example, 3purple_house_monkeys27!
Be creative and use words that have specific meanings and are memorable to you, so that people can't guess your password. Your social media accounts can give away vital clues about yourself, so don't use words such as a family member's name or favourite sports team, which are easy for people to guess.
Cybercriminals use comprehensive tools to break passwords and can easily guess many of the simple substitutions we use, such as 'Pa55word!', which utilises symbols to replace letters.
Password manager
With a password manager, you only need to remember one strong master passphrase that protects all of your credentials in a secure vault.
Many provide useful features that make your online life easier while being more secure, such as automatically entering your credentials and generating new strong passwords for you.
You will also find that most password managers support multi-factor authentication (MFA), making access to your password manager even more secure. They also keep the password data encrypted, so in case of a data breach, no one can access it without the master password.
The University does not support a single product, however, there are several free and paid-for tools such as KeePass, LastPass, and 1Password.
Caution: if you choose to download a password manager and forget the master passphrase, IT Services will not be able to restore it.
Compromised password
You must change your password if you suspect a data breach or that it has been compromised.
Report an incident or breachWhat next...
The Information Security Toolkit is full of top tips and advice to help safeguard you, others and the University against cyber threats.
You may also be interested in
Microsoft account and security info
Enabling easy access to UWE email, Microsoft 365, other services, resetting or changing passwords, and setting up multi-factor authentication (MFA).
Information Security Toolkit
Top tips and advice to help safeguard you, others and the University against cyber threats.
The Foundry
Join us for hackathons and immersive technology events in our newly upgraded space that’s also home to our enterprise studios, where you can get paid, real-world experience on industry technology projects while you study.