Information Security


Frequently Asked Questions


Virus protection

Why can't I get to a web site?

From February 2016, in order to prevent people accidentally visiting web sites which can give them a virus, access to these web sites from campus has been blocked.  In some cases, you won't notice that this has happened.  In a few cases, such as if you accidentally click on a link in an email to a malicious site (e.g. a phishing email), you will see a "page not found" error (404).  This usually means that your computer has been protected from harm, and you need take no further action.

If you need any advice on what to do, or you suspect that you may have a virus, please contact the ISD Service Desk: servicedesk@ucl.ac.uk


How can I report junk email in Office 365?

Click on the dropdown menu (down arrow) to the right of 'Reply All', select 'Mark as junk'.

The following dialog box will appear:

Office 365 Report Junk dialog box

Click on 'Report'.  


CERT UK Guidance - Phishing: What is it and how does it affect me?


I've received an email asking me to enter my username and password, what shall I do?

This is a 'phishing' email designed to steal your credentials. 

Please note that no member of UCL staff should ever ask you for your password, nor ask you to send your password by email, so any email (or telephone call) that does is a scam. Our advice on this is that you should treat your password as you would treat the PIN number for your bank card - keep it secret and don't share it with anyone, not even your friends. 

We do always advise that you should report these phishing emails to Action fraud (we do not have the time nor resources to report every phish individually ourselves): http://www.actionfraud.police.uk/report_fraud

For ISG's information, please forward the email received to: phish@ucl.ac.uk

If you are unsure, ask, don't click.

How can I report phishing email in Office 365?

Click on the dropdown menu (down arrow) to the right of 'Reply All', select 'Mark as phishing'.

The following dialog box will appear:

Office 365 Report Phishing dialog box

Click on 'Report'.

Email Header Information

Emails contain normally hidden information about the routing of the message; the email headers. It is helpful for ISG to check these when investigating a suspicious email. However, if an email is forwarded in the usual way, “inline” as the text of a new message, the header information is lost. Instead, we may ask you to forward the email “as an attachment” or to send us a copy of the header text.

How do I forward an email as an attachment?

In most versions of Outlook and some other email clients:

Method 1: Select the email in your mailbox and press Ctl + Alt + F. This will create a new email with the selected message as an attachment.

Method 2: Open a new email. From your mailbox, drag and drop the selected message onto the body of the new email to add it as an attachment. Note: if the new email becomes hidden on your desktop when dragging then hover over the “Untitled – message” tab on the taskbar to bring the new email back to the foreground.

Method 3: Open the message and from the File tab, use the “Save as” option to save as a file of type “Outlook message format – Unicode (*.msg)” or a similar option. Attach the saved file to a new email in the usual way. Remember to delete the saved file when no longer needed.

Outlook 2010 and 2013:

Select the email but don’t open it. On the “Home” tab, within the “Respond” group, click on the “More” dropdown. Select “Forward as attachment”.


How do I find and copy the header text?

It may be preferable to display the email headers then copy-and-paste the text in a new email.


Double click on the email, click on the 'More actions' button which looks like three dots (...), select 'view message details', copy and paste the header information into an email and send it to us.

Office 365:

Click on the dropdown menu (down arrow) to the right of 'Reply All', select 'View message details', copy and paste the header information into an email and send it to us.

Outlook 2010 and 2013:

In the File tab, click on and expand the “Tags” group. Copy and paste the “Internet headers” information into a new email and send it to us.

Which version of Outlook am I using?

The version of Outlook can usually be found in the “Help”, “About” section of your email program. However, this is not always easy to find. For example, in Outlook 2013 it is hidden behind the File tab under “Office Account”. The following Microsoft support article maybe helpful: What version of Outlook do I have?

Infected machines

I have a virus infection on my machine, my anti-virus software will not remove it, what else can I try?

It can sometimes take time for anti-virus software to start detecting a particular virus, when this happens you can try the following:

Combofix http://www.bleepingcomputer.com/download/combofix/

Malwarebytes http://www.malwarebytes.org/

Sophos Anti Rootkit http://www.sophos.com/en-us/products/free-tools/sophos-anti-rootkit.aspx

Advice for researchers

I am a researcher working with personal identifiable data (pid), what steps should I take to ensure that I keep this data secure?

Please see the following advice from AISC on the handling of sensitive data:



If you need further assistance please contact us.