Broadcast: News items

This is to make you aware of an important cyber security alert issued by Jisc - the organisation that supports digital infrastructure across UK education and research. Jisc has identified a persistent and highly sophisticated phishing campaign actively targeting education and research institutions across the UK and internationally. This campaign directly affects Universities, so we need to make sure everyone knows what to look for and what to do if they see any suspicious activity.

What makes this threat different?

Unlike traditional phishing emails which can contain obvious spelling errors or generic wording, this campaign uses artificial intelligence to create highly convincing, personalised messages that are much harder to spot.

Characteristics of the message include:

• AI-generated emails that are grammatically perfect and contextually convincing
• Automated, large-scale attacks that can adapt rapidly
• Sophisticated impersonation of trusted colleagues, IT departments, or senior management
• Techniques designed to harvest login credentials and bypass multi-factor authentication

Why our cyber awareness training matters more than ever

This is a reminder of why we invest in regular cyber security awareness training for all staff. Our ongoing programme - which includes short, accessible bite-sized training modules - is specifically designed to build exactly the kind of awareness and instinct needed to identify threats like these.

No single piece of technology can fully protect us: our people are our most important line of defence. When every member of staff knows how to pause, question, and report a suspicious message, we are significantly harder to compromise.

Please ensure you have completed your most recent training module and encourage colleagues to do the same. Even if you have been doing this for years, the threat landscape changes constantly – and these short refreshers are invaluable.

What to watch out for

Be especially vigilant about:

• Unexpected emails asking you to click a link or log in to any system, even if they appear to come from a known contact
• Requests to approve multi-factor authentication prompts you did not initiate
• Urgent or high-pressure messages asking for credentials, sensitive information, or payment
• Any communication that feels slightly ‘off’. Even if you can’t immediately say why, trust your instinct and report it.

What we need you to do

1. Complete your latest cyber security awareness training module if you have not already done so. This month’s training is about passwords, but you will receive a monthly training module to your inbox every month.
2. Report any suspicious emails immediately
3. Never approve MFA requests (via Okta or any other authenticator that you use) that you do not recognise.
4. Contact IT immediately if you think your account or credentials may have been compromised.
5. Keep your devices up to date and install software updates promptly when prompted.

Thank you for your continued vigilance. Cyber security is everyone’s responsibility, and together we can make the University a much harder target. If you have any questions, please do not hesitate to contact IT Services.

For more online safety tips and information, visit the ITS security webpage.