Skip to main content

IT Services

IT Security

Parking Fine Scam - a number of colleagues have received a spam email regarding parking fines from UKPC Parking Control . Estates & Property Services have advised that the University car park contractor would never send colleagues an email in this way.

  1. Don't be panicked into making rash decisions when responding to emails - stop and just think whether it is sensible, or whether this would happen in 'real life'  
  2. Use email and the internet safely and resist your curiosity. Be cautious of items from unknown sources or even suspicious links from trusted sources. When in doubt, chuck it out!  
  3. Choose strong passwords.  
  4. Protect your device by having up-to-date security software and operating system patches.  
  5. Make sure you know what ICT use is allowed and what is prohibited. There are sanctions if you breach the security policies.  
  6. Stay informed. Improve your security awareness by reviewing the external websites that we've bookmarked:
    - The UK Government-sponsored Get Safe Online website
    - The UK Government Cyberstreetwise website and Youtube channel
    - Microsoft's Safety and Security Centre website.  
  7. Review information on our webpages. If you've still got a question, contact the IT Service Desk

You are responsible for all ICT activity that takes place under your username, so protect it with a password and follow these tips:

  • Passwords must be at least nine characters long  
  • Your password must use a mix of different characters, i.e. numbers, capital letters, lowercase letters.
  • The use of special characters and punctuation is encouraged but not mandatory.
  • Make sure you can remember it, but that no-one else can guess it. Try using the first letter of each word in a memorable saying, phrase or even a sentence e.g. 'My favourite time of the year is summer' makes the password: #Mft0ty1S#
  • Change your password at regular intervals, as any password can be cracked if given long enough. Guidance on how to reset your password is described within the IT Accounts service description. Options are available to change your password from within the campus and if you're off-campus.
  • Do not select the save password option in applications - it means your account could be misused, making any misuse your problem.
  • If you think your account may have been compromised, and you've already changed your password, email ITS-ServiceDesk@salford.ac.uk to notify the ITS team of your concerns.
  • Lock your workstation or logout if you need to leave it, even if only for a few minutes. Press Ctrl, Alt and Delete keys and select Lock Workstation or Logout.

Help! I've disclosed my password

If you have disclosed your password or think your account has been compromised, change your password immediately. You can do this by..

  • Pressing Ctrl, Alt and Delete keys, select Change Password option, then following the on-screen instructions;
  • Calling the IT Service Desk on 0161 295 2444
  • Going to a Library Service Desk with your ID card and requesting a password change.

Although the university's email system incorporates advanced security features, it is important to understand that email security features are never guaranteed to detect all malicious or otherwise-undesirable emails; it is therefore vital that email system users remain vigilant when handling incoming emails.

Messages which, as a result of the University email system's security features, are detected as being offensive are either prevented outright from being delivered to the intended recipient, or they may simply have an offensive attachment removed.

Spam email is the electronic equivalent of junk mail. The term refers to unsolicited, and often unwanted material which is at best, annoying and at worst, malicious – causing considerable harm to your computer and yourself.

How to spot Spam


Spam emails may feature some of the following warning signs:

  • You don’t know the sender.
  • Contains misspellings designed to fool spam filters.
  • Makes an offer that seems too good to be true.
  • The subject line and contents do not match.
  • Contains an urgent offer end date (for example “Buy now and get 50% off”).
  • Contains a request to forward an email to multiple people, and may offer money for doing so.
  • Contains a virus warning.
  • Contains attachments, which could include .exe files.

Phishing is a scam where criminals typically send emails to thousands of people. These emails pretend to come from banks, credit card companies, online shops and auction sites as well as other trusted organisations. They usually try to trick you into going to the site, for example to update your password to avoid your account being suspended. The embedded link in the email itself goes to a website that looks exactly like the real thing but is actually a fake designed to trick victims into entering personal information.

How to spot a Phishing email


The email itself can also look as if it comes from a genuine source. Fake emails sometimes display some of the following characteristics, but as fraudsters become smarter and use new technology, the emails may have none of these characteristics. They may even contain your name and address.

  • The sender’s email address may be different from the trusted organisation’s website address.
  • The email may be sent from a completely different address or a free webmail address.
  • The email may not use your proper name, but a non-specific greeting such as “Dear customer.”
  • A sense of urgency; for example the threat that unless you act immediately your account may be closed.
  • A prominent website link. These can be forged or seem very similar to the proper address, but even a single character’s difference means a different website.
  • A request for personal information such as username, password or bank details.
  • You weren't expecting to get an email from the organisation that appears to have sent it.
  • The entire text of the email may be contained within an image rather than the usual text format. The image contains an embedded link to a bogus site

Get Safe Online - Phishing Scam from Get Safe Online on Vimeo.

Knowing how to avoid scams, spam and phishing is a critical life skill. Fortunately, simple safety measures will help you dodge the risks.

  • Slow down, spammers want you to act first and think later. If the message conveys a sense of urgency, or uses high-pressure sales tactics be skeptical; never let their urgency influence your careful review.
  • Do not open emails which you suspect as being scams.
  • Do not open attachments from unknown sources.
  • Do not readily click on links in emails from unknown sources. Instead, roll your mouse pointer over the link to reveal its true destination, displayed in the bottom left corner of your screen. Beware if this is different from what is displayed in the text of the link from the email.
  • Do not respond to emails from unknown sources.
  • Check junk mail folders regularly in case a legitimate email gets through by mistake.

If you have any doubts about the validity of an email, contact the IT Service Desk

We've added some basic guidance to help you maintain the security of your own computer and to avoid the potential loss of the information that you might have saved to it.

Good security management includes:

  • Protecting your own computer with a strong password;
  • Installing and keeping up to date anti-virus, anti spyware and firewall software;
  • Setting operating system updates to automatically install;
  • Not relying on one copy of an important file: make sure that you have a backup copy of your data.

Anti-virus and anti-malware software helps to protect your computer from viruses, worms and other malicious software. However the protection is only as good as the last update, as new viruses and malware are released every day.

  • Use one anti-virus product (more than one may conflict with each other)      
  • There are a number of free products for non-commercial use, these include:
  • But do a search/check computer reviews and use products from a reputable vendor or provider, ensuring you comply with all licensing requirements.  
  • Schedule daily updates for when the machine is switched on and online.
  • Schedule a weekly full system scan to check for infected or corrupted files.
  • Windows users might also like to consider additional anti malware protection, such as Malwarebytes, Spyware Blaster or Spybot.

Common symptoms of a virus infection:

  • Virus program alerts;
  • Pop-up advertising;
  • Access to files denied;
  • PC will not start;
  • PC is unusually slow;
  • PC restarts without your authorisation;
  • Files have disappeared.

How to recover from a virus infection

Check that your virus definitions are up to date (View the program's Help - About screen to check for the last update). If more than two days, manually apply an update from the anti-virus provider's site, then disconnect from the internet before:

  • Running a complete scan;  
  • Cleaning/disinfecting any viruses found.

Also scan and disinfect any external drives e.g. USB memory sticks and disks, otherwise you will keep re-infecting your computer.

If symptoms persist, start the machine in Safe Mode. To do this press F8 during start-up (before the Windows Start-up Menu is displayed) and then select Safe Mode. This means the PC will start-up in a minimal configuration, with only essential parts of Windows loaded. Then repeat the above actions—run  the  complete  scan etc. If symptoms still persist, the only remaining option is to reinstall Windows using the original disks.

If you require further assistance, please bring your device to the IT Drop In

I use a Mac and they can't get virus infections

Wrong! This is a commonly held belief. Although Windows based machines are more prone to infection (due to high numbers of Windows users worldwide) Macs can still get virus infected. It is less common for a Mac or Linux run computer to have a virus infection, but virus writers are widening their scope  and  targeting  anything connected to the internet. Anti-virus products are available for these machines, so get searching and apply the same protection principles as advised for Windows users.

Remember that you need to have an up to date operating system and antivirus product before connecting to the University’s network.

Any computer, Mac or PC, connected to the internet is vulnerable to viruses, spyware and hacking attacks. University owned and managed computers should have these security settings and protection as standard. However, if you have a computer/laptop at home or in halls, you'll also need to implement these security measures. It is a lot easier (and much less technical) to protect your computer than you think.

Operating system (OS) - does all the background things to make your computer work e.g. Vista, Windows 7 & 10 or Mac OS X. The OS is only as secure as the day it was written and there are lots of hackers and viruses that take advantage of out of date operating systems, so you must get regular updates.

Check that Windows updates are turned on:

  • Click the “Start” button. In the search box, type Update, and then, in the list of results, click Windows Update.
  • In the left pane, click Check for updates, and then wait while Windows looks for the latest updates for your computer.
  • If you see a message telling you that important updates are available, or telling you to review important updates, click the message to view and select the important updates to install.
  • In the list, click the important updates for more information. Select the check boxes for any updates that you want to install, and then click OK.
  • Click Install updates.

Check that Mac updates are turned on:

  • Versions prior to Mountain Lion: Apple Menu > Software Update
  • Mountain Lion (and later versions): Apple Menu > System Preferences > App Store

Anti virus

Microsoft's End Point Protection is the University's chosen anti virus software. By default this will be installed on all University PCs, with definition updates switched on.

The presence of the anti virus software is indicated by the system tray icon: Microsoft endpoint protection icon

Common symptoms of a virus infection:

  • Virus program alerts
  • Pop-up advertising
  • Access to files denied
  • PC will not start
  • PC is unusually slow
  • PC restarts without your authorisation
  • Files have disappeared

You should contact the IT Service Desk:

  • If your University supplied device doesn't appear to have anti virus software installed;
  • If your device's updates are not current—they should be within 3 days;
  • You suspect that your University supplied device has a virus infection.

Operating system updates

Any computer—Mac, Windows or otherwise—connected to the internet is vulnerable to viruses, spyware and hacking attacks. University-owned/managed computers should always have automatic operating system updates turned on as standard.

The operating system (OS) - does all the background things to make your computer work e.g. Windows Vista, 7 or 10, or Mac OS X. The OS is only as secure as on the last occasion when it was updated, and lots of hackers and viruses exploit out-of-date operating systems; so staying up to date with regular updates is imperative. You will receive alerts when updates are released and you are encouraged to install them at your earliest convenience. If the updates are not done, they will be applied automatically a week after release.

An information security incident is an actual or possible breach of the University's security policies and can include:

  • Inappropriate or offensive Internet use;
  • Lost or stolen laptop, smart phone, memory stick or other IT equipment;
  • Harassment by email or web abuse;
  • Hacking or virus transmission;
  • Log-in misuse and password sharing;
    Unauthorised access to or disclosure of information.

Report any concerns to the ITS Service Desk. The report is passed to the University IT Security Emergency Response Team (ITSERT) who respond to and manage investigations into information security incidents and ICT Acceptable Use Policy breaches.

ITSERT will deal with all reports in strictest confidence, sharing information only with individuals who need to be involved in the investigation. All information and investigation material will be stored securely.

All investigations are handled in line with the University's Acceptable Use Policy, and with relevant legislation. In some cases, requests for investigation may require completion of an ITSERT Investigation Authorisation form

You should always report your concerns because misuse could damage the University network, be illegal or have a negative impact on the University's reputation. All of these can have a negative effect on your studies or job with the University. By reporting your concerns, you are providing the best opportunity to prevent any recurrence and to limit damage to the University.

Identity theft happens when fraudsters access enough information about someone's identity (such as their name, date of birth, current or previous addresses) to commit identity fraud. Identity theft can have a direct impact on your personal finances and could also make it difficult for you to obtain loans, credit cards or a mortgage until the matter is resolved.

What can I do online to protect myself from identity theft?

Most people are aware that they should protect their information in real life, for example by shredding documents with financial or personal details. However, there are many ways fraudsters can gather this information online as well. Prevent identity theft by:

  • University IT Services will NEVER request your password in an email.
  • Stop and use common sense - you wouldn't give bank details or a password to a stranger in the street, so don't give this information in response to an email.
  • Don't reply to, or click unsubscribe on spam/marketing emails; this just confirms your email address and you'll get more not less - delete the email.
  • Don't open attachments or links in emails unless you were expecting the email - delete the email.
  • Check that websites are secure before entering personal or financial details
  • Alter your privacy settings on social networks

The use of computing and networking facilities is permitted by the University on the condition that all users comply with the conditions stated in the following policies:

Users should note that the University's access to the internet is solely through the JANET network and that violations of the JANET AUP could potentially lead to this access being withdrawn.
All users of the University network are required to comply with the approved University Policies, Standards, relevant legislation and contractual requirements, and should seek advice when in doubt.

The University ICT Acceptable Use Policy (AUP) contains common sense rules about use of the University ICT facilities which will protect and preserve the facilities for all users. The AUP prohibits and blocks access to websites and content that are illegal or are categorised as obscene/tasteless; hate and discrimination; malicious content such as virus and spyware, as well as illegal download or upload of copyright protected material using peer 2 peer filesharing.

Copyright infringements (downloading or uploading copyrighted material without the copyright owners permission) constitute theft. It is illegal and therefore affects the University reputation. For more advice on copyright issues go to www.infogov.salford.ac.uk/copyright/ . Using torrent or other peer-2-peer filesharing to download or upload illegally obtained copyright protected material may result in: being disconnected from the University ICT facilities; and having to pay a £100 AUP reconnection fee.

Where there is a justified University business need for an individual to access prohibited websites / material, this can be supported. Please complete and submit the Prohibited Internet Access form to IT Services. The form gives clear instruction on the completion and authorisations, as well as advice required.