Phishing is an attempt to fraudulently acquire sensitive information, such as username, password and banking details, by masquerading as a trustworthy organisation or individual in an email message.

Activate Your Campus Account and Reset Your Password

Your Campus Account credentials provide access using a single User ID and Password to a number of IT Services on Campus. Password setup and reset on Office 365 is but one such service governed by your Campus Account. 

As such, it is important to activate your Campus Account as soon as possible, and set your password to one that is secure to you. You should never share out your Campus Account password. It is also a good idea to change your Campus Account password on a regular basis. Additionally, ISS will never ask you to reveal your password.    

Spam & Phishing

Spam, also known as bulk or junk email, is a subset of Spam that involves nearly identical messages sent to numerous recipients by email. 93% of email sent to email addresses is Spam and blocked by the above security protection. Email which is potentially SPAM is tagged [NUIGspam].

Phishing is an attempt to fraudulently acquire sensitive information, such as username, password and banking details, by masquerading as a trustworthy organisation or individual in an email message.

How Can I Protect Against Phishing Messages

Be suspicious of any email with requests for personal information. Information Solutions and Services will never send an email asking you to provide us with your password by email.

What Should I do if I Receive a Fraudulent Email

  1. Do not click any links 
  2. Do not open any attachments  
  3. Do not enter any personal details on the fraudulent email or website 
  4. Report the ’phishing’ email to the Service Desk
  5. Delete the email.

What if I Responded and Gave my Username and Password

You should change your email password immediately.  Report the ’phishing’ email to the Service Desk. As your account was compromised you will likely start receiving a large amount of SPAM emails.  Do not open/reply to any of these emails.  Delete these emails.

What do ISS do in Response to Phished Email Accounts

When ISS are alerted to an account generating large amounts of outbound email, it is usually due to SPAM email. In such instances, ISS will:

  1. Reset the password on your account
  2. Log on to the account and check the rules. If there is a rule to move all messages as they arrive into deleted Items, we will delete the rule.  Usually the SPAMMer creates a rule to move all mail to the deleted items as they arrive. This usually delays the users awareness that their account has been compromised and the problem usually reported is that they are not receiving new mail.
  3. Create a new rule to move bounced SPAM to the deleted items folder. This might be based on the subject line.
  4. ISS will ring (if your telephone number is available) and inform you of your new password and the new rule created on your account
  5. A large amount of outbound SPAM emails can sometimes lead to emails being blacklisted, depending on the extent of the volume of SPAM.  ISS will follow up with individual service providers to get the block removed.  It can take up to 24 hours for external service providers to remove a block on emails

Share Responsibility for Protecting our Community at NUI Galway

It is not uncommon for students and staff to receive fraudulent messages purporting to be from the NUI Galway "Technical Upgrade Team" or “IT SERVICE webteam” asking for email login details. To see more examples of typical emails received by NUIG click

We are all becoming increasingly familiar with the need to protect ourselves against malicious and fraudulent attempts to get us to disclose personal information. Many of you will be familiar with this through your use of Internet banking. Typically, the fraudsters objective is to use the University's IT resources to send out Spam on a large scale. On occasion, fraudsters may succeed in their attempts.

Despite our best efforts and significant technology investment we cannot guarantee to intercept and block all such messages in future. We have to ask you to share responsibility for protecting our community.

You should be aware of the following key principles:

  1. At work and outside work, you should never ever respond to unsolicited emails requesting personal information such as your bank details, your date of birth, or your computer login credentials. 

  2. Remember that Information Solutions and Services will never send you an email asking for your computer password. 

  3. Any "All Staff" email sent by Information Solutions and Services will always be signed off with the name and position of an Information Solutions and Services manager. If you don't know the person or their position then check them out on our website.

  4. In future, we will introduce messages from Information Solutions and Services with the words: "Information Solutions and Services / Réitigh agus Seirbhísí Faisnéise". If the message doesn't have this heading then don't trust it. 

Online Security Training

To find out more about Online Security visit our

Report Phishing

If you think that you have received a phishing email you can report it by forwarding the email to and our IT team can take the appropriate steps in blocking the email. 


Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files unless a ransom is paid.

One step on from Ransomware is crypto-ransomware,  which encrypts certain file types on infected systems and forces users to pay the ransom through certain online payment methods to get a decrypt key.

Visit the Microsoft website here for more information

How Does Ransomware Get on a Machine / Device

Ransomware can get on a PC from nearly any source that any other malware (including viruses) can come from. This includes:

  • Visiting unsafe, suspicious, or fake websites.
  • Opening emails and email attachments from people you don’t know, or that you weren’t expecting.
  • Clicking on malicious or bad links in emails, Facebook, Twitter, and other social media posts, instant messenger chats, like Skype.

It can be very difficult to restore your PC after a ransomware attack – especially if it’s infected by encryption ransomware.

How Can I Best Protect Myself Against a Ransomware Attack

The best solution to ransomware is to be safe on the Internet and with emails and online chat:

  • Don’t click on a link on a webpage, in an email, or in a chat message unless you absolutely trust the page or sender.
  • If you’re ever unsure – don’t click it!
  • Often fake emails and webpages have bad spelling, or just look unusual. Look out for strange spellings of company names (like “PayePal” instead of “PayPal”) or unusual spaces, symbols, or punctuation (like “iTunesCustomer Service” instead of “iTunes Customer Service”).