Contact ICT Security

Phishing is like an online con where scammers pretend to be a trusted company (like your bank) in an email, text, or message to trick you into giving them sensitive info like your password, credit card number, or bank details. They use fake links to fake websites that look real to "fish" for your personal data, just like a fisherman uses bait! 

If you think you’ve received a phishing email, report it to ICT so that it can be examined and added to our spam filters. 
 
Helpful steps to help identify potential malicious email: 
 
1. If the answer to one of more of these is 'Yes’, treat the email with caution

• Is it unexpected – is this someone you don't know, or a service you have not signed up for?
• Is this a person or company that does not regularly contact you by email on this topic?
• Is the language used not in keeping with how you would usually interact with this person or service?
• Is anything unusual being requested?
• Is the tone urgent or aggressive?
• Does the sender’s email address look unusual or not from a genuine domain?

2. Verify the message

• Contact the sender directly via phone, Teams chat or create a new email to follow-up about the request.
• If it is related to a service you use, login to the service’s app/website before completing any action to verify/complete the request (never reply to an email with personal or sensitive information).
• Check it with your team or the team/line manager of the sender, or with those responsible for the service discussed in the email.  

3. Report it

• If you are still not sure whether the message is phishing or not, report it to ICT who can examine it for you.
• If you are sure it is phishing, use the report phishing button within Outlook, which helps improve the spam filters. Users of other mail clients should use the web version of Outlook to report phishing emails. 

Further support - Read more about Phishing on our Be Secure webpages.

There is no need to panic, phishing emails are getting more sophisticated every day, and it can be difficult to identify them.

1. Change your password immediately.
2. Review your recent sign-in activity, if you see something unfamiliar, select secure your account.
3. Verify your registered Multi-Factor Authentication (MFA) methods and remove any that you do not recognise.
4. Report the incident to the ICT Service Desk.
5. If you haven’t already, you must migrate to using Passkeys (phishing resistant MFA) to reduce the likelihood of your account being compromised.
6. If you have reused your Imperial credentials (username and/or password) in other products or services, please ensure that you update these immediately and use a different password to your Imperial account.
7. Report it - use the report phishing button within Outlook, which helps improve the spam filters.

Users of other mail clients should use the web version of Outlook to report phishing emails. 
 

In order to recover access to your account use the Self Service Password Reset (SSPR) service.
If you have not registered for SSPR then please contact the ICT Service Desk who can assist you with recovering access to your account. 

If you belive your account or password has been comprimised or hacked: 

1. Change your password immediately.
2. Review your recent sign-in activity, if you see something unfamiliar, select secure your account.
3. Verify your registered Multi-Factor Authentication (MFA) methods and remove any that you do not recognise.
4. Report the incident to the ICT Service Desk.
5. If you haven’t already, you must migrate to using Passkeys (phishing resistant MFA) to reduce the likelihood of your account being compromised.
6. If you have reused your Imperial credentials (username and/or password) in other products or services, please ensure that you update these immediately and use a different password to your Imperial account.

1. Decline the app notification (select No It's Not Me).
2. Do not respond to any text messages.
3. Change your password immediately.
4. Review your recent sign-in activity, if you see something unfamiliar, select secure your account.
5. Verify your registered Multi-Factor Authentication (MFA) methods and remove any that you do not recognise.
6. Report the incident to the ICT Service Desk.
7. If you haven’t already, you must migrate to using Passkeys (phishing resistant MFA) to reduce the likelihood of your account being compromised.

If you’ve lost/replaced the device used for the Microsoft Authenticator MFA requests, either as a result of a fault or device upgrade, you will need to create a new Microsoft Authenticator registration in your account for the new device and remove the previous one. 

You can remove registered MFA devices online.

Further support - Please contact the ICT Service Desk if you need assistance with this process. 

If your mobile device has been lost or stolen, please follow the steps below:

1. Smartphones/Tablets often come with a remote wipe capability – follow the instructions on how to remotely wipe your device.
2. If your device has been stolen, then please report the issue to the Police ensuring you receive a crime reference number.
3. Report the issue as a potential data breach is important to understand what type of data is stored on the device. Information on how to report data breaches.
4. Report the incident to the ICT Service Desk.
5. If you use this device with Microsoft Authenticator for MFA or this has been setup with a passkey, you can remove registered MFA devices/passkeys online. Please contact the ICT Service Desk if you need assistance with removing this from your account.

If you suspect that your server or workstation (desktop/laptop/mobile) has been infected with malware (malicious software) like a viruse, or if your device displays a pop up that malware has been found, you should: 

For servers

• Disconnect the server from the network (disable all network connections) to prevent the virus from spreading and/or sending your data to attackers.
• Do not switch the server off as that can hinder the investigation and remediation process. 

For desktops/laptops/mobiles

• Turn your device off to prevent the malware from inflicting further damage.
• If you cannot turn your device off, you should disconnect your device from the internet to prevent the virus from spreading and/or sending your data to attackers. Do this by unplugging the network cable and/or enabling aeroplane mode.

Change your password immediately on a different device.

Please report the incident to the ICT Service Desk.

USB sticks and portable hard drives present a significant risk to your data and to Imperial. ICT recommends using central data storage services that are backed up. If your device has been stolen:

1. Report the issue to the Police ensuring you receive a crime reference number.
2. Report the issue as a potential data breach.
3. It is important to understand what type of data is stored on the device, noting any Data Activity Risk-assessment Tool (DART) or DPIA references that have been created in relation to the data set at risk. This will help support the data breach notification process and inform the relevant Information Asset Owner (IAO) for the dataset stored on the device of the loss.
4. Report the incident to the ICT Service Desk 

A data breach is a security incident where sensitive, private, or confidential information is accessed, stolen, or exposed by unauthorised individuals, happening accidentally or deliberately through cyberattacks, insider leaks, or lost devices. It can involve personal or company data  and leads to identity theft, financial loss, operational disruption, and reputational damage.  

Thi sis why notifications of possible breaches must be logged as soon as possible. 

Get information on how to report data breaches.

Note any Data Activity Risk-assessment Tool (DART) or DPIA references that have been created in relation to the data set at risk will help support the data breach notification process.