
Durham University

Computing and Information Services

Stay Safe Online

Internet safety is everyone's responsibility. It’s all about being able to have fun online – to be able to chat with your friends, post a video that you’ve made or a song that you’ve written, to be free to find out more about information you’re interested in and check out the latest trends – without being bullied, annoyed or scammed, or having your ideas or your identity stolen.

Internet safety is about a lot more than ensuring that your computer has the latest anti-virus and firewall software installed. It’s about being smart about how you handle yourself online and savvy about how you deal with other people (especially strangers who you meet online), and not falling prey to online scam artists who take advantage.

On this page you'll find information that will help you lessen the chances of others getting hold of your personal details, along with 'good practice' advice on:

Each section contains a brief overview, and a separate page contains advice detailing how you can help yourself.

Social Engineering


What is Social Engineering?

Social engineering is the art of manipulating people so they give up information that might be confidential. The types of information these criminals are seeking can vary, but when individuals are targeted the criminals are usually trying to trick you into giving them your passwords or bank information, or into allowing them to install malicious software that will give them access to your passwords and bank information as well as control over your computer.

Common Social Engineering Attacks

  • Phishing - Phishing is a well-known way to grab information from an unwitting victim. The perpetrator sends an email or text to the target, seeking information that might help with a more significant crime.

  • Baiting - This type of social engineering depends upon a victim taking the bait. The person dangling the bait wants to entice the target into taking action.

  • Pretexting - Pretexting is the use of an interesting pretext or ploy to capture someone’s attention. Once the story hooks the person, the fraudster tries to trick the victim into providing something of value.

  • Quid pro quo - This scam involves an exchange — I give you this, and you give me that. Fraudsters make the victim believe it’s a fair exchange.

  • Vishing - Vishing is the voice version of phishing. The criminal uses the phone to trick a victim into handing over valuable information.

How can you prevent it?

  • To protect against phishing emails, spam filters can be used. The filters assess the origin of the message, the software used to send the message, and the content of the message to determine if it’s spam.
  • The browser settings should be changed to prevent fraudulent websites from opening. Browsers keep a list of fake websites and when you try to access the website, the address is blocked or an alert message is shown.
  • Report phishing to industry groups where legal actions can be taken against these fraudulent websites.
  • If there is a link in an email, hover over the URL first. Secure websites with a valid Secure Sockets Layer (SSL) certificate begin with “https”.



What is Phishing?

Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

How to spot Phishing?

  • Too Good To Be True - Lucrative offers and eye-catching or attention-grabbing statements are designed to attract people’s attention immediately.

  • Sense of Urgency - A tactic amongst cybercriminals is to ask you to act fast because the super deals are only for a limited time.

  • Hyperlinks - A link may not be all it appears to be. Hovering over a link shows you the actual URL where you will be directed upon clicking on it. It could be completely different or it could be a popular website with a misspelling.

  • Attachments - If you see an attachment in an email you weren't expecting or that doesn't make sense, don't open it! They often contain payloads like ransomware or other viruses.

  • Unusual Sender - Whether it looks like it's from someone you don't know or someone you do know, if anything seems out of the ordinary or just suspicious in general, don't click on it!

How can you prevent it?

You can prevent Phishing by following the same guidance as for Social Engineering.



What is Malware?

Malware is an abbreviated form of “malicious software.” This is software that is specifically designed to gain access to or damage a computer, usually without the knowledge of the owner. There are various types of malware, including spyware, ransomware, viruses, worms, Trojan horses, adware, or any type of malicious code that infiltrates a computer.

How does Malware work?

  • A lot of malware infections are designed to steal personal information you’ve stored on your computer and pass it back to the virus creator so they can steal your identity.
  • If you’ve saved online banking information, they could use it to log in themselves and empty your account.
  • Malware infects your computer by copying a file from somewhere like an external hard drive, or more commonly by downloading a file when you’re connected to the internet.
  • The malware or virus may use spyware, which tracks your browsing history to gather information about your online activity, or keylogging, which can detect the exact letters or numbers you type on your device’s keyboard, stealing usernames and passwords as well as debit or credit card numbers.
  • Some malware, called scareware, poses as a genuine anti-virus software download or will tell you to install an urgent-sounding update to keep your computer virus free.

To protect yourself:

  • Make sure your computer has a firewall and reputable anti-virus software.
  • Take care when downloading files. If you don’t know someone who’s sent you an email with an attachment, or you’re not sure about a website offering a file to download, don’t do it out of curiosity.
  • Browse safely on the web. Get to know the risks and use the same level of caution as you would in the real world.

How to spot Malware?

  • You’re being offered or told to download something from a website that you haven’t visited before and doesn’t look legitimate, or from a stranger who’s sent you an email.

  • Your internet connection or the computer’s general performance suddenly becomes very slow, you can’t access files or programs, or you’re unable to log in at all.

  • There are signs other people have accessed password-protected accounts, or your bank statements show things you’ve bought or withdrawals you can’t remember making.



What is a Password?

Your password is key to protecting the security of your account. Passwords ensure that only authorised users can access the University's IT facilities. Your password keeps your stored data and information private and secure.

How to stay protected

  • Use different passwords for different services. By reusing the same password in every service, you are risking
  • Never disclose your University IT account password to anyone. If someone demands a password, refuse to give it and refer them to the University's password policy.
  • Choose strong passwords. The longer and more complex your password is, the more difficult it is for a hacker to crack it. It is important that your password meets the requirements of our Password Policy.
  • Manage your passwords responsibly. That can be achieved by using a password manager or storing them in an encrypted file.

Weak password examples:

  • Words which can be found in a dictionary (English or foreign), or such words written backwards
  • Names of family, pets, friends, co-workers, fantasy characters, birthdays and other personal information such as addresses and phone numbers
  • Word or number patterns like aaabbb, qwert, zyxwvuts, 123321 etc.
  • Any of the above preceded or followed by a digit (e.g. secret1, 1secret)
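
The weak-password categories listed above can be turned into a simple check. This is an added example, not part of the original page or the University's Password Policy: the small word and personal-information sets are constructed assumptions, and the check strips any run of leading or trailing digits rather than a single one.

```python
import re

# Constructed sample data (assumptions): a real check would load a full
# wordlist and the account holder's own names and dates.
DICTIONARY = {"secret", "password", "dragon", "welcome"}
PERSONAL = {"rex", "alice", "1990"}
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm",
        "abcdefghijklmnopqrstuvwxyz", "0123456789"]


def is_pattern(pw):
    """Repeated characters, mirrored strings, or runs along a row or sequence."""
    if len(pw) < 4:
        return False
    if re.fullmatch(r"(?:(.)\1+)+", pw):        # aaabbb
        return True
    if pw == pw[::-1]:                           # 123321
        return True
    # qwert (keyboard row), zyxwvuts (alphabet backwards)
    return any(pw in row or pw in row[::-1] for row in ROWS)


def base_reasons(pw):
    """Which of the listed categories the string matches exactly."""
    reasons = []
    if pw in DICTIONARY:
        reasons.append("dictionary word")
    elif pw[::-1] in DICTIONARY:
        reasons.append("dictionary word written backwards")
    if pw in PERSONAL:
        reasons.append("personal information")
    if is_pattern(pw):
        reasons.append("word or number pattern")
    return reasons


def weak_reasons(password):
    """Return every listed weakness that applies; an empty list means none matched."""
    pw = password.lower()
    reasons = base_reasons(pw)
    core = pw.strip("0123456789")               # secret1, 1secret -> secret
    if core and core != pw:
        reasons += [r + " preceded or followed by digits"
                    for r in base_reasons(core)]
    return reasons
```

An empty result means only that none of the listed weak forms matched, not that the password is strong or meets the policy.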