All posts by adb108

Matariki 25 – 29 June

Matariki, Māori New Year takes place 25 – 29 June. It’s a time to celebrate new life and new beginnings, remember those who’ve passed and to plan for the future. It is a time to spend with whānau and friends, and enjoy kai (food), waiata (song), tākaro (games) and haka.

Matariki is the Māori name for a cluster of stars that rises around mid-winter. It is when crops were harvested and seafood, birds and crops were preserved for winter.

There are a number of community events taking place during Matariki, see what’s on in Christchurch here>

UC fire engineers warmly welcome new FENZ educational facility

Vice-Chancellor | Tumu Whakarae Professor Cheryl de la Rey and Hon Paul Swain Chairman of Fire and Emergency New Zealand turn the sod at the blessing of the new Ilam Fire Station.

Fire and Emergency broke ground on 6 June on a new facility on Creyke Road, beside the UC Engineering precinct which includes the Fire Lab.

The Fire Station and Fire Engineering Educational Training Facility will be a welcome addition to students and staff who will benefit from the hands-on practical learning and knowledge sharing.

Master’s student Vivian Ye is specialising in fire engineering. She participated in two summer research projects funded by Fire and Emergency – in 2017 she worked on “understanding and improving fire ventilation tactics in New Zealand” and in 2018 she investigated “existing methodologies for estimating fire flow requirements both domestically and internationally”.

“The two research projects were financially supported by Fire and Emergency, which provided a great opportunity for me to contribute to on-going practical issues,” says Vivian.

Read the news story here>

Spotting a social engineering scam

In some previous cyber security posts we’ve mentioned a couple of types of scams that use social engineering, eg. phishing. Social engineering is a way of tricking people into sharing their personal information.

Here, we’re going to talk about the equally dangerous non-technical social engineering attacks that we all may face.

These scammers use little pieces of information they already know about you to trick you into revealing sufficient information that they can then defraud you. This is called ‘pretexting’ or ‘vishing’ voice-phishing and is often done through a phone call.

If you receive a phone call you are uncertain about, hang-up the call and find a phone number for the organisation to call them back, don’t call any phone number the caller gives you.

It’s ok to say no – think about the information you are being asked for when filling out forms, having conversations or responding to emails:

  • is what they are saying believable?
  • why do they need this information?
  • are they making a reasonable request for this purpose?
  • is this person who they say they are?

Read these examples and check out this video to understand what social engineering might sound like. Read more about cyber security and reporting incidents at UC here>

Hi, this is Tracey calling from {Your Bank}.

We’ve blocked some suspicious overseas charges made on your card ending {last 4 digits of your card}, and we’d like to check on these with you, if that’s OK.

Before we can do that I need to run you through some security checks.

Can you please confirm the billing address for the card is correct?

Great thanks. Can you please confirm your mother’s maiden name? 

OK, we’re good to go. Have you been to a restaurant called La Roux earlier today? Spending $43.20?

No, OK, we’ll need to cancel your card and issue you a new one.

Don’t worry, we can get the new card to you quickly, if I get this processed now I can get it to you in the next 48hrs.

To make things easy for you I can make sure the same PIN number is used so you will be able to use the card straight away.

If you can confirm your PIN number I’ll get that added.

Awesome, that is done, your new card is on its way.

As you can see the scammer now has your card number, answer to your security question and current PIN number.

This example would be carried out after a wallet has been stolen. The initial information comes from a receipt found in your wallet.

Hi {your name},

This is Tracey from {names a store you have a receipt from found in your wallet}, you’ve won a gift card worth $150 that you can pick up next time you are in the {names location of the store from the receipt} store.

To secure the card for you I need to put a PIN number on the it, what PIN number would you like me to add to the card?

All done. That card will be waiting for you in store.

Have a good day.”

Unfortunately, most people will provide their own banking PIN number, because by human nature, we’re lazy and use the same PIN numbers or passwords for multiple purposes.