Emails with a catch: Spear-phishing and Social Engineering

Posted: 24 October 2023

As a University, we possess a vast repository of data encompassing everything from student records and financial data to ground-breaking research findings and intellectual property.

This wealth of data has made us an enticing target for cybercriminals, driven by motives that could range from political agendas to financial gain.  

Most data breaches begin with a social engineering element, such as phishing. While many of us are familiar with the stereotypical phishing spam filled with poor grammar and typos, it's essential to recognise that such clichéd portrayals do not accurately represent the sophisticated phishing attacks that determined and well-funded adversaries may employ against our University.  

These targeted attacks, known as spear-phishing, seek to establish trust before the exploit is attempted. The attacker may hold a full conversation before sending seemingly benign messages that embed links or documents designed to steal credentials, install malware, or achieve other nefarious goals.

Notably, the open and transparent nature of academia often provides an abundance of publicly available information for cybercriminals to weave into their false persona, giving them an air of authenticity.  

If you are engaged in highly sensitive research, please remain vigilant against spear-phishing, as you are a prime target for these meticulously planned and executed attacks.  

You can report any suspected phishing emails to phishing@lboro.ac.uk. If you are engaged in highly sensitive research and need guidance on protecting your research from cybercriminals, please contact IT Services.