Category Archives: Cyber Security

Looking after your devices

Do you share thoughts and memories, pictures of holidays, gatherings and other adventures online? Do you share these things on one or more social media platforms?

One of the most vulnerable and common channels for attack is outdated software. Cyber criminals have millions of infected machines that continually scan the internet looking for vulnerable devices to attack. They use holes in software, operating systems and communications, to push their way through the cracks and try to execute code, and once they have a foothold they can cause a huge amount of damage.

Damage could include:

  • stealing your information
  • using your device without your knowledge to spread malware, attack online services, mine cryptocurrency, etc.
  • overriding safety settings on your device and encrypting the data. 

To avoid this you should actively keep your device up to date installing updates that are available for your device. Also make sure you keep software and apps on your devices up to date. These updates often ‘patch’ security vulnerabilities that criminals use to exploit devices. Take a few minutes now to make sure your device is up to date.

Other things to consider.

  • Make sure you download software from reputable sources such as Apple App Store, Google Play, Microsoft, Amazon, Steam. 
  • If you are getting ‘free’ software, what are you giving the publisher in return? They might be tracking your location or want access to your address book.
  • Use anti-virus and anti-malware tools to scan your device regularly (yes, even MacOS users should do this).
  • Avoid using portable USB storage across multiple devices.
  • Is information on your device backed-up somewhere?
  • Is your device need a password to gain access? – it should.
  • Use a secure browser and think about where you are browsing too, is it ‘legit’?

How to report a cyber security incident at UC

Log a ticket on the IT Self Service portal>
Ring IT Service Desk on 0508 UC IT HELP (0508 824 843) or on 03 369 5000.
Email report-phishing@canterbury.ac.nz and attach phishing email, ensuring header of scam email is included.

If you have any questions, contact the IT Service Desk or visit the desk located in the Central Library. Call us on our free call number 0508 UC IT HELP (0508 824 843) or on 03 369 5000.

Non-technical social engineering scam

Social engineering as a scam can take many different forms. One of these is a non-technical form where a scammer already knows enough about you to make you feel comfortable and confident in revealing more personal information. The personal information they really need to defraud you.

This is known as ‘pretexting’ or ‘vishing’ voice-phishing, where the scammer is phishing for information using voice communication like a phone call. The caller uses information about you they already know, which could be pieced together from your social media accounts or if you have lost or had your wallet stolen, they will present themselves as someone trustworthy like a representative from your bank.

A good example of this could be if you have lost your wallet. A scammer might find a shop receipt in your lost wallet and call you posing as a shop attendant. To get more information out of you they might say you have won a voucher and simply need you to provide a PIN number to activate the card. Unfortunately, most people will provide a PIN number they already use. The caller now has your wallet, bank cards, ID cards and a PIN number they can use to try and defraud you.

What to do if you receive a suspicious call

Think about the information you are being asked for:

  • is what the person is saying believable?
  • why do they need this information?
  • are they making a reasonable request for this purpose?
  • is this person who they say they are?

It is ok to say no and to ask them to verify who they are. If you are not sure of the credibility of the person you are speaking to hang-up and call the organisation yourself. Don’t call any phone numbers the caller gives you either over the phone or in email, look up a phone number for the organisation on their website.

Find information on how to report a cyber security incident at UC here>

Email phishing exercise

Did you know approximately 45% of the world’s sent email is SPAM? While some SPAM email can be harmless enough, other SPAM is used to target and exploit personal information and data form people or alter the behaviour of the device they are using.

To help us understand how well we are supporting and informing UC students and staff on cyber security we will be carrying out random phishing test exercises over the next few weeks.

The exercise will involve sending emails that use techniques similar to those used by cyber criminals to encourage the recipient to take a specific action. We will send these to a random group of UC email addresses and monitor the outcome. No personal information of individuals in the test group will be retained.

We take this kind of exploitative SPAM email seriously and employ a number of tools to reduce the amount that makes it to your inbox. The most effective way to reduce harm to you, your data and UC is to be aware of techniques being used by cyber criminals and to make you aware of what to look for, how to react and who to report incidents to.

More information about how to spot phishing email and what to do if you receive a phishy email, check out UC’s cyber security webpage>

If you have any questions or concerns please contact the ITS Service Desk on 0508 UC IT HELP (0508 824 843) or on 03 369 5000.