Spam

Spam email is unsolicited bulk messages sent via email. A subset of spam is called bulk or junk email, which involves sending nearly identical messages to numerous recipients by email. Approximately 93% of email sent to the @nuigalway.ie domain is spam and is blocked by Microsoft 365 or Exchange Online Protection (EOP). That said, some spam mail still filters through to our domain, and being vigilant to this is of utmost importance.

Office 365 Anti-Spam and Anti-Malware Protection

Office 365 email messages are automatically protected against spam and malware by filtering through Microsoft Exchange. For more details visit the Microsoft Website.

What if I Get a Request for Personal Information

You should never respond to unsolicited emails requesting personal information.

Phishing

Phishing is an attempt to fraudulently acquire sensitive information, such as username, password and banking details, by masquerading as a trustworthy organisation or individual in an email message.

How Can I Protect Against Phishing Messages

Be suspicious of any email with requests for personal information. Information Solutions and Services will never send an email asking you to provide us with your password by email.

What Should I do if I Receive a Fraudulent Email

  1. Do not click any links 
  2. Do not open any attachments  
  3. Do not enter any personal details on the fraudulent email or website
  4. Report the ’phishing’ email to the Service Desk (Please note that forwarding the email to phishing@nuigalway.ie will automatically log a ticket with the Service Desk for you)
  5. Delete the email.

What if I Responded and Gave my Username and Password

You should change your email password immediately.  Report the ’phishing’ email to the Service Desk (Please note that forwarding the email to phishing@nuigalway.ie will automatically log a ticket with the Service Desk for you). As your account was compromised you will likely start receiving a large amount of spam emails.  Do not open/reply to any of these emails.  Delete these emails.

What do ISS do in Response to Phished Email Accounts

When ISS are alerted to an account generating large amounts of outbound email, it is usually due to spam email being sent by a compromised account. In such instances, ISS will:

  1. Reset the password on your account
  2. Log on to the account and check the rules. If there is a rule to move all messages as they arrive into Deleted Items, we will delete the rule.  Usually the "Spammer" creates a rule to move all mail to Deleted Items as it arrives. This usually delays the user's awareness that their account has been compromised, and the problem usually reported is that they are not receiving new mail.
  3. Create a new rule to move spam/bounced emails to the deleted items folder. This might be based on the subject line.
  4. ISS will ring (if your telephone number is available) and inform you of your new password and the new rule created on your account
  5. A large amount of outbound SPAM emails can sometimes lead to nuigalway.ie emails being blacklisted, depending on the extent of the volume of spam. ISS will follow up with individual service providers to get the block removed.  It can take up to 24 hours for external service providers to remove a block on @nuigalway.ie emails

Share Responsibility for Protecting our Community at NUI Galway

It is not uncommon for students and staff to receive fraudulent messages purporting to be from the NUI Galway "Technical Upgrade Team" or “IT SERVICE webteam” asking for email login details. To see more examples of typical emails received by NUI Galway, click here.

We are all becoming increasingly familiar with the need to protect ourselves against malicious and fraudulent attempts to get us to disclose personal information. Many of you will be familiar with this through your use of Internet banking. Typically, the fraudster's objective is to use the University's IT resources to send out Spam on a large scale. On occasion, fraudsters may succeed in their attempts.

Despite our best efforts and significant technology investment we cannot guarantee to intercept and block all such messages in future. We have to ask you to share responsibility for protecting our community.

You should be aware of the following key principles:

  1. At work and outside work, you should never ever respond to unsolicited emails requesting personal information such as your bank details, your date of birth, or your computer login credentials. 

  2. Remember that Information Solutions and Services will never send you an email asking for your computer password. 

  3. Any "All Staff" email sent by Information Solutions and Services will always be signed off with the name and position of an Information Solutions and Services manager. If you don't know the person or their position then check them out on our website.

  4. In future, we will introduce messages from Information Solutions and Services with the words: "Information Solutions and Services / Réitigh agus Seirbhísí Faisnéise". If the message doesn't have this heading then don't trust it. 

Raise Awareness

ISS encourages colleagues to display a poster in their area (e.g. Staff Canteens, Meeting Rooms) to help raise awareness about phishing email. You can get creative or print one already available! See the poster below, kindly provided by HEAnet:

Online Security Training

To find out more about Online Security visit our Online Security Training webpage

Report Phishing

If you think that you have received a phishing email you can report it by forwarding the email to phishing@nuigalway.ie and our IT team can take the appropriate steps in blocking the email. 

Spoofing

Spoofing is the creation of email messages with a forged sender address. It is common for spam and phishing emails to use spoofing to mislead intended recipients about the actual origin of the message.

How Can I Protect Against Spoofing Messages

Unfortunately, it is very difficult to protect against spoofing email addresses. We can however be vigilant and know what to look for.

What to Look For

Below is a classic example of a spoofed email address.

  1. We see the 'Display Name' of the Email Address. Spoofers will edit the display name of the mail account to make it look like a standard user name.
  2. However, we see the actual sending email address beside the display name. The email address will generally not match the Display Name, as the spoofers are hoping that you will not notice the email address and will focus attention on the spoofed display name instead. In this example, the email is clearly suspicious, so care should be taken.

There are common-sense measures we can take here to protect against spoofing emails. If you receive an email, always ensure that the Display Name and the Email Address match. If they are entirely different, then you should be cautious. As noted, spoofing is generally done to phish information from another user. It is therefore a good idea to be wary of any unusual sounding requests for information from someone purporting to be a known colleague / user.

Can I Confirm an Email I Received is a Spoofing Email

It is possible to check the message header of any email you receive, which will give you an indication of whether an email you have received is spoofed.

  1. View the Message Header from an email you suspect to be a spoofing email. See the Microsoft site here for instructions on how to view message headers
  2. Go to the Microsoft Remote Connectivity Analyser website and click on the 'Message Analyzer' tab
  3. Paste the full message header into the 'Insert the message header you would like to analyse' field and click 'Analyse headers'
  4. The email headers are broken down into specific fields, and basic information on the email's origins is revealed. Specifically, look at Field 9 under 'Other headers'. The display name and email address should match.
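
The display name versus email address comparison described above can also be run directly over a pasted message header. The following is an added example, not part of the original page or of any Microsoft tool; the sample header, the function names, the organisation markers and the extra Reply-To check (which goes beyond the display-name check on this page) are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample header (not a real message): the display name shows a
# university address, but the actual sending address is external.
SPOOFED = """\
From: "upgrade-team@nuigalway.ie" <helpdesk@mailer.example.net>
Reply-To: account-verify@webmail.example.org
To: staff.member@nuigalway.ie
Subject: Mailbox upgrade required

"""

ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def domain_of(address):
    """Return the lower-cased domain part of an address, or '' if absent."""
    return address.rpartition("@")[2].lower() if "@" in address else ""

def check_sender(raw_headers, org_domain="nuigalway.ie",
                 org_markers=("nuigalway.ie", "nui galway")):
    """Return (code, detail) findings for the From and Reply-To headers."""
    msg = message_from_string(raw_headers)
    display, address = parseaddr(msg.get("From", ""))
    address = address.lower()
    if not address:
        return [("unparseable_from", msg.get("From", ""))]
    findings = []
    # 1. The display name embeds an address that is not the real sender.
    for claimed in ADDR_RE.findall(display):
        if claimed.lower() != address:
            findings.append(("display_address_mismatch", f"{claimed} vs {address}"))
    # 2. The display name invokes the organisation, but the sender is external.
    if any(m in display.lower() for m in org_markers) and domain_of(address) != org_domain:
        findings.append(("claims_org_from_external", domain_of(address)))
    # 3. Replies would go to a different domain than the sender's.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != domain_of(address):
        findings.append(("reply_to_diverts", reply_to.lower()))
    return findings

if __name__ == "__main__":
    for code, detail in check_sender(SPOOFED):
        print(f"{code}: {detail}")
```

An empty result only means these checks found nothing; a message can still be fraudulent and should be reported if in doubt.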

Keep in mind, if you are ever in doubt as to the authenticity of an email, you should always report it to the ISS Service Desk or forward the email to phishing@nuigalway.ie and our IT team can analyse the mail and take the appropriate steps to block it if required.

If you have responded to an email or clicked on any of the links and provided login details or any other personal details, follow the steps below as soon as possible.

If you have given out your Campus Account Credentials 

  • Change your password immediately through CASS

  • Contact the Service Desk and report the phishing/Spam email

  • Log on to your email account and check the rules. If there is a rule to move all messages as they arrive into Deleted Items, delete the rule.  
    It is common for compromised accounts to have this rule added as a result of a spam attack making the user think that they are getting no mail. This is done to delay the time that the user will check their account and notice that their account was hacked. 
  • Create a new rule to move bounced SPAM to the deleted items folder. This might be based on the subject line.
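
The rule check described above (and in the ISS response steps earlier on this page) can be expressed as a filter over a mailbox's rule list. This is an added example, not ISS's own tooling: the rule records are constructed and modelled on the Microsoft Graph `messageRule` resource, and the folder IDs and function names are assumptions.

```python
# Constructed folder ID standing in for the mailbox's Deleted Items folder.
DELETED_ITEMS_ID = "AAMk-constructed-deleteditems-id"

# Constructed rules in the shape of Graph messageRule objects.
SAMPLE_RULES = [
    # No conditions: every incoming message is moved to Deleted Items.
    {"displayName": ".", "isEnabled": True, "conditions": None,
     "actions": {"moveToFolder": DELETED_ITEMS_ID, "stopProcessingRules": True}},
    # Ordinary filing rule with a condition and a normal destination.
    {"displayName": "Newsletters", "isEnabled": True,
     "conditions": {"senderContains": ["newsletter"]},
     "actions": {"moveToFolder": "AAMk-constructed-newsletters-id"}},
    # The clean-up rule this page recommends: subject-based, so not flagged.
    {"displayName": "Bounces", "isEnabled": True,
     "conditions": {"subjectContains": ["Undeliverable"]},
     "actions": {"moveToFolder": DELETED_ITEMS_ID}},
    # Disabled rules have no effect on incoming mail.
    {"displayName": "old", "isEnabled": False, "conditions": {},
     "actions": {"delete": True}},
]

def hides_all_mail(rule, deleted_items_id):
    """True if an enabled rule discards every incoming message."""
    if not rule.get("isEnabled", False):
        return False
    conditions = rule.get("conditions") or {}
    # A rule with no populated condition applies to all messages.
    unconditional = not any(conditions.values())
    actions = rule.get("actions") or {}
    discards = (actions.get("moveToFolder") == deleted_items_id
                or actions.get("delete") is True
                or actions.get("permanentDelete") is True)
    return unconditional and discards

def suspicious_rules(rules, deleted_items_id):
    """Names of rules matching the 'move everything to Deleted Items' pattern."""
    return [r["displayName"] for r in rules if hides_all_mail(r, deleted_items_id)]

if __name__ == "__main__":
    print(suspicious_rules(SAMPLE_RULES, DELETED_ITEMS_ID))
```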

A large number of outbound SPAM emails can sometimes lead to nuigalway.ie emails being blacklisted, depending on the extent of the volume of SPAM. If your account becomes locked due to it being hacked, ISS will follow up with individuals to help them regain access.
ISS will follow up with individual service providers to get the block removed.  It can take up to 24 hours for external service providers to remove the block on nuigalway.ie emails.

If you have given out your Bank Account Details 

Contact your bank directly. Do not follow the link in the fraudulent email message

  • Call the bank’s hot line, usually printed on the back of your bank card, and report the incident
  • Routinely review your bank and credit card statements monthly for unexplained charges or inquiries that you didn't initiate.

How To Spot Phishing Emails

You can protect yourself and others by learning how to spot and recognise fraudulent emails.
