Student Independent News

NUI Galway Student Newspaper

Universities spend millions on cyber recovery as students warned scams are “a fact of life” 

January 24, 2026 By Tiernan Donovan
Filed Under: Business & Tech, Featured, Technology

A spokesperson for the University of Galway (UG) warned students that cyber scams are “an unfortunate fact of life” and urged them to treat unsolicited requests “with a high degree of caution.” 

Irish universities and technological universities have reported multi-million euro cyber recovery costs in recent annual reporting. 

South East Technological University (SETU) said its response to a cyber incident was expected to cost €2.3 million, while Munster Technological University (MTU) reported €4.2 million in direct costs arising from a ransomware incident. 

UG has said approximately 93 percent of email sent to its domain is spam and is blocked before it reaches users. 

The UG spokesperson told SIN students should “never share account credentials (login/password) with anyone,” and pointed students to the university’s Security Awareness Training module on Canvas. 

“All student accounts are protected by MultiFactor Authentication (MFA) and registering for MFA is a mandatory requirement for students at University of Galway,” they added. 

They added that UG’s IT security team “constantly seek to enhance account security” through technical measures, but warned that “new cyberattack techniques are always being developed so high levels of cyber awareness and vigilance are always required.” 

Students who suspect compromise should report it to the UG ISS Servicedesk, they added, providing online, email, phone, and in-person reporting routes. 

A spokesperson for the Law Society’s cybersecurity team described “2 main typologies” that can lead to financial loss, starting with phishing and escalating through impersonation and social engineering. 

“The most common is the typical email compromise scam and these nearly all start with phishing emails,” they said, adding that people click links or open attachments, “allowing their systems to be infected.”

“It is imperative that people consider whether all emails, were they expecting the email? Does the sender’s email address look genuine? Is the language used unusual?” they added. 

“Spending an extra 5–10 seconds considering emails can prevent a successful attack later.” 

They added that a second common pattern involves phone-based social engineering, where fraudsters impersonate a bank and create urgency, before returning later with a “profile reset” step and a link designed to capture authentication information. 

Asked what single step prevents the most harm, the spokesperson pointed to independent verification. 

“In all cases, the one step that can stop these frauds is picking up the phone,” they said. 

They added that when someone realises they have been compromised, speed matters. 

“Contact the bank immediately,” they said. “The faster it is identified and the bank informed, the better the chance that the money can be frozen by the bank.” 

They added that victims should preserve evidence, including copies of emails and relevant information, and that systems should be cleaned if malware is suspected. 

They pointed students to FraudSMART and banks’ own fraud pages as practical resources. 

At national level, the Department of Further and Higher Education, Research, Innovation and Science (DFHERIS) told SIN that higher education institutions are autonomous and regulate their own administrative processes, including cyber readiness. 

“Higher Education Institutions are autonomous within the meaning of the Universities Act 1997,” DFHERIS said, adding that institutions “are academically independent and are entitled to regulate their own academic affairs and administrative processes, including cyber readiness.” 

DFHERIS also pointed to shared ICT services for the sector. It said HEAnet and EduCampus merged on 31 December 2025 into a new company called Asiera, which “continues the work of its predecessors” and “delivers a robust digital infrastructure” underpinning teaching, learning, research and administration.

DFHERIS said one of the services provided is a Security Operations Centre (SOC) and Security Information and Event Management (SIEM) capability. 

“Funding of €3.75 million was provided by [DFHERIS] in 2023 to initiate this service,” it said, adding that the SOC and SIEM service provides “24/7 real-time monitoring and analysis of security alerts” so incidents can be “quickly contained and remediated.” 

HEAnet SOC and SIEM reporting has also set out the scale of monitoring volumes. 

A HEAnet security operations overview report for July 2023 recorded 1.38 million alerts in a month, triaged to 81 cases investigated and 17 cases reported to clients after investigation. 

The Higher Education Authority (HEA) told SIN that “responsibility for operational cyber security and student safety communications rests with individual higher education institutions,” and added that institutions are “best placed to address these issues directly with students.” 

The HEA added that “cyber literacy is increasingly understood as part of a broader set of digital, information and professional literacies” relevant “across all disciplines,” but said it “does not set curriculum requirements or define minimum competencies for students,” describing those as matters for institutions and disciplines through academic governance. 

It pointed to system-wide supports that institutions and students can draw on, including OpenCourses.ie and short courses from the N-TUTORR “My Digital Backpack” initiative, and referenced SATLE and the Human Capital Initiative, while stressing these are “not designed as operational cyber security programmes.” 

Several institutions also set out student-facing expectations around MFA and reporting. 

Trinity College Dublin (TCD) IT Services states that MFA is “required for all staff and students” accessing services such as Microsoft 365, and says computer accounts that do not have MFA set up within 30 days of creation “will automatically be disabled.” 

University College Dublin (UCD) IT Services has said it is introducing MFA for all student accounts as “an important IT security measure,” with a phased rollout described in its student MFA communications. 

University College Cork (UCC) IT Services has described MFA as “essential” for student accounts, and said it is making MFA essential because “there are more attacks directed at UCC accounts.”

Dublin City University (DCU) guidance for new students says students will be “prompted to set up multi factor authentication (MFA)” on first login. 

TU Dublin has published guidance on “quishing,” describing it as QR code phishing, and has issued student-facing advice on what to do when phishing messages include a QR code, a link or an attachment. 

A Technological University Shannon (TUS) IT spokesperson told SIN that while MFA is “pretty common standard practice” across institutions, it is not foolproof if students are persuaded into authenticating a malicious session. 

They described number matching as “the most secure method,” but added that attackers can still succeed in more sophisticated phishing setups where “you’re actually viewing the legitimate Microsoft login page but you’re viewing it via a server that the hacker is hosting.” 

They added that basic password hygiene still matters, particularly when students keep default passwords. 

“A lot of them don’t change it,” they said. 

They added that current advice increasingly prioritises length over complexity. 

“The more modern thinking is the longer the password the better,” they said, suggesting longer passphrases such as “three random words” with a number rather than shorter, more complex strings. 

A local opportunity for students to build practical cyber literacy is BSides Galway, a community-led security conference scheduled for 21 February 2026 at the University of Galway.

Copyright © 2026 SIN Student Newspaper. All rights reserved.

 
