Information Security


Frequently Asked Questions


How can I manage spam and junk email?

Unfortunately we cannot eliminate all spam emails, the spam filters already block a significant amount but if the spam filter rules are too strict, it would result in legitimate mail being flagged as spam.

Please see the links below on how to manage junk email settings in OWA and Outlook 2010/2013:

For more guidance please see:



I've received an email asking me to enter my username and password, what shall I do?

This is a 'phishing' email designed to steal your credentials.

Please note that no member of UCL staff should ever ask you for your password, nor ask you to send your password by email, so any email (or telephone call) that does is a scam. Our advice on this is that you should treat your password as you would treat the PIN number for your bank card - keep it secret and don't share it with anyone, not even your friends. 

We do always advise that you should report these phishing emails to Action fraud (we do not have the time nor resources to report every spam individually ourselves): http://www.actionfraud.police.uk/report_fraud

Here is our link with some phishing email advice, but you can find it directly on the main UCL website too: http://www.ucl.ac.uk/cert/antiphishing

If you are unsure, ask, don't click.

Email Header Information

How do I send you the email headers when I report a phishing email?

In Outlook:

Right click on the email, select 'More Actions', and click on 'Forward as Attachment'.


Double click on the email, click on the 'More actions' button which looks like three dots (...), select 'view message details', copy and paste the header information into an email and send it to us.

Infected machines

I have a virus infection on my machine, my anti-virus software will not remove it, what else can I try?

It can sometimes take time for anti-virus software to start detecting a particular virus, when this happens you can try the following:

Combofix http://www.bleepingcomputer.com/download/combofix/

Malwarebytes http://www.malwarebytes.org/

Sophos Anti Rootkit http://www.sophos.com/en-us/products/free-tools/sophos-anti-rootkit.aspx

F-Secure Rescue CD http://www.f-secure.com/en/web/labs_global/removal-tools/-/carousel/view/142

Advice for researchers

I am a researching working with personal identifiable data (pid), what steps should I take to ensure that I keep this data secure?

Please see the following advice from AISC on the handling of sensitive data:


Advice for staff handling card data

My department handles card data, are there any steps we need to follow or standards that we need to adhere to?

If your department is handling card data then you need to ensure that you adhere to the PCI DSS Data Security Standard, more information can be found in the link below:

If you need further assistance please contact us.