top of page

Principal's Principles Prevent Phishing

Principal Dame Sally Mapstone’s unorthodox email stipulations have helped prevent a Russian hacking attempt aimed at a professor. Following her appointment to Vice-Chancellor and Principal of the University of St Andrews in 2016, one of Dame Sally Mapstone’s first, and perhaps most unexpected changes, revolved around emails. Banning the phrases “I hope this finds you well” and “I trust you find this useful” would, seven years later, aid in the University successfully fending off a Russian cyber attack.

Last week, Professor Phillips O’Brien, Head of the School of International Relations and Professor of Strategic Studies, was inevitably surprised, then, to receive an email beginning with the prohibited greeting. Purportedly from fellow international relations professor Stephen Gethins, the email contained an attachment titled Ukraine Report. However, on reaching out to Professor Gethins to confirm whether he had indeed sent the email, it became clear it had not come from his colleague. As a result, cybersecurity experts both at St Andrews and GCHQ were both quickly notified.

Further analysis showed the PDF contained code that, had it been opened, would have given hackers access to Professor O’Brien’s email. Seaborgium, a Russian hacking group with links to Russian state intelligence, is believed to be responsible for the attempted interference — having recently also targeted Stewart McDonald, the MP for Glasgow South. Described by Microsoft as carrying out “persistent phishing and credential theft campaigns”, the group has been primarily targeting individuals residing in NATO countries since the beginning of 2022, tending to impersonate “legitimate contacts” of their targets in order not to arouse suspicion. Former targets of the network include former MI6 head Richard Dearlove and Paul Mason, a journalist.

It is believed that Professor O’Brien has been targeted due to his long standing work on Russia, which has more recently concerned the weaknesses of the Russian military operation in Ukraine. Speaking to The Independent, an unnamed St Andrews insider said, “The Russians obviously hadn’t done their homework properly”.

In addition to outlining her email recommendations, the Principal laid down the law regarding another of her, unanticipated, “institutional allergies and aversions” — corduroy. Instructing staff members never to wear it to work, Principal Dame Mapstone is believed to have sent a male colleague to change his offending garments during her time at Oxford University, though assures that her remarks prior to her arrival at St Andrews were “tongue-in-cheek”. The principal is believed to be “delighted” that her guidance regarding email etiquette has paid off.

Photo: University of St Andrews

75 views0 comments


bottom of page