There has been a significant increase in attempts to steal sensitive information from our staff and students via ‘spear-phishing’ attacks.

Spear-phishing involves an attacker sending malicious links, for example via email, to specific targets to induce them to share sensitive information.

This matches intelligence from The National Cyber Security Centre (NCSC), which identifies the attacks as focussing specifically on academia and related sectors.

In response the NCSC recommends you remain highly vigilant to approaches and take the following actions:

  1. Remain vigilant to phishing attempts and use the Report Message function available on the University of Bath website if you think you’ve been sent a phishing email.
  2. Use strong and separate passwords for your email accounts and personal accounts, create passwords that are strong enough and long enough by combining three random words.
  3. Protect your personal devices and networks by applying security updates promptly.
  4. Set up multi-factor authentication (also known as 2-step verification, or 2SV).

When off campus, Multi-Factor Authentication (MFA) provides an extra layer of protection for your University Microsoft 365 account and a number of University systems, including the University of Bath's Virtual Private Network (VPN). Please set up MFA if you need to access University systems remotely.

More information on all of the above can be found by searching the University of Bath website.