Tag Archives: cyber security

Looking after your devices

Do you share thoughts and memories, pictures of holidays, gatherings and other adventures online? Do you share these things on one or more social media platforms?

One of the most vulnerable and common channels for attack is outdated software. Cyber criminals have millions of infected machines that continually scan the internet looking for vulnerable devices to attack. They use holes in software, operating systems and communications, to push their way through the cracks and try to execute code, and once they have a foothold they can cause a huge amount of damage.

Damage could include:

  • stealing your information
  • using your device without your knowledge to spread malware, attack online services, mine cryptocurrency, etc.
  • overriding safety settings on your device and encrypting the data.

To avoid this you should actively keep your device up to date installing updates that are available for your device. Also make sure you keep software and apps on your devices up to date. These updates often ‘patch’ security vulnerabilities that criminals use to exploit devices. Take a few minutes now to make sure your device is up to date.

Other things to consider.

  • Make sure you download software from reputable sources such as Apple App Store, Google Play, Microsoft, Amazon, Steam.
  • If you are getting ‘free’ software, what are you giving the publisher in return? They might be tracking your location or want access to your address book.
  • Use anti-virus and anti-malware tools to scan your device regularly (yes, even MacOS users should do this).
  • Avoid using portable USB storage across multiple devices.
  • Is information on your device backed-up somewhere?
  • Is your device need a password to gain access? – it should.
  • Use a secure browser and think about where you are browsing too, is it ‘legit’?

How to report a cyber security incident at UC

Log a ticket on the IT Self Service portal>
Ring IT Service Desk on 0508 UC IT HELP (0508 824 843) or on 03 369 5000.
Email report-phishing@canterbury.ac.nz and attach phishing email, ensuring header of scam email is included.

If you have any questions, contact the IT Service Desk or visit the desk located in the Central Library. Call us on our free call number 0508 UC IT HELP (0508 824 843) or on 03 369 5000.

Non-technical social engineering scam

Social engineering as a scam can take many different forms. One of these is a non-technical form where a scammer already knows enough about you to make you feel comfortable and confident in revealing more personal information that they really need to defraud you.

This is known as ‘pretexting’ or ‘vishing’ voice-phishing, where the scammer is phishing for information using voice communication like a phone call. The caller uses information about you they already know, which could be pieced together from your social media accounts or if you have lost or had your wallet stolen, they will present themselves as someone trustworthy like a representative from your bank.

A good example of this could be if you have lost your wallet. A scammer might find a shop receipt in your lost wallet and call you posing as a shop attendant. To get more information out of you they might say you have won a voucher and simply need you to provide a PIN number to activate the card. Unfortunately, most people will provide a PIN number they already use. The caller now has your wallet, bank cards, ID cards and a PIN number they can use to try and defraud you.

What to do if you receive a suspicious call

Think about the information you are being asked for:

  • is what the person is saying believable?
  • why do they need this information?
  • are they making a reasonable request for this purpose?
  • is this person who they say they are?

It is ok to say no and ask them to verify who they are. If you are not sure of the credibility of the person you are speaking to hang-up and call the organisation yourself. Don’t call any phone numbers the caller gives you either over the phone or in email, look up a phone number for the organisation on their website.

Find information on how to report a cyber security incident at UC here>

Email phishing exercise

Did you know approximately 45% of the world’s sent email is SPAM? While some SPAM email can be harmless enough, other SPAM is used to target and exploit personal information and data form people or alter the behaviour of the device they are using.

To help us understand how well we are supporting and informing UC staff and students on cyber security we will be carrying out random phishing test exercises over the next few weeks.

The exercise will involve sending emails that use techniques similar to those used by cyber criminals to encourage the recipient to take a specific action. We will send these to a random group of UC email addresses and monitor the outcome. No personal information of individuals in the test group will be retained.

We take this kind of exploitative SPAM email seriously and employ a number of tools to reduce the amount that makes it to your inbox. The most effective way to reduce harm to you, your data and UC is to be aware of techniques being used by cyber criminals and to make you aware of what to look for, how to react and who to report incidents to.

More information about how to spot phishing email and what to do if you receive a phishy email, check out UC’s cyber security webpage>

If you have any questions or concerns please contact the ITS Service Desk on 0508 UC IT HELP (0508 824 843) or on 03 369 5000.

Taking a break? Lock your device

When you step away from your computer, make sure you lock it. We’re not suggesting your colleagues can’t be trusted, but what if you’re out of the room, and then they leave the room too? Suddenly everything on your computer is available to anyone who passes by. Someone could: send malicious emails that are apparently from you; steal files; install and send viruses from your machine; install malware that steals your credentials; and many other destructive things – all of which you could be held accountable for because you “left the front door of your computer open”.

Anytime you step away from your computer, even just to grab a coffee or go to the bathroom, lock your computer.

Below are shortcuts to lock your Windows, Linux and Apple Mac computers:


  • Press ‘Windows + L’ (for Lock).
  • Alternatively, press Ctrl + Alt + Del, then click Lock this computer.


  • Press the Super key, and ‘L’ (for ‘Lock’). So that’s Win + L.
  • Or if you are running an older version of Linux use Ctrl + Alt + L.


  • Press ‘Control + Shift + Eject’ or ‘Control + Shift + Power’.

It is shocking what someone can do with your identity: they can get access to EVERYTHING you do on your device which in turn can take a massive toll on the University and you individually, and damage your relationships.

  • You could find all your data has been deleted or encrypted and held for ransom
  • The University network could be locked down – stopping staff and students from being able to work – and requiring millions of dollars and weeks or months to fix
  • You could lose access to your banking and social media accounts
  • Your identity could be stolen
    • Loans and credit cards may be opened in your name
    • Unauthorised purchases may be billed to you
    • You may become a victim of tax fraud
    • You may be locked out of apps and web-based services, forever!! (Losing family photos, thesis papers etc.)
    • Your electronic devices may be used as a tool of cyber-crime (sending spam or spreading malware)

Find out more about cyber security at UC here>

How to report a cybersecurity incident

If you have any questions, feel free to contact the IT Service Desk. Call us on our free call number 0508 UC IT HELP (0508 824 843) or on 03 369 5000.

Spotting a social engineering scam

In some previous cyber security posts we’ve mentioned a couple of types of scams that use social engineering, eg. phishing. Social engineering is a way of tricking people into sharing their personal information.

Here, we’re going to talk about the equally dangerous non-technical social engineering attacks that we all may face.

These scammers use little pieces of information they already know about you to trick you into revealing sufficient information that they can then defraud you. This is called ‘pretexting’ or ‘vishing’ voice-phishing and is often done through a phone call.

If you receive a phone call you are uncertain about, hang-up the call and find a phone number for the organisation to call them back, don’t call any phone number the caller gives you.

It’s ok to say no – think about the information you are being asked for when filling out forms, having conversations or responding to emails:

  • is what they are saying believable?
  • why do they need this information?
  • are they making a reasonable request for this purpose?
  • is this person who they say they are?

Read these examples and check out this video to understand what social engineering might sound like. Read more about cyber security and reporting incidents at UC here>

Hi, this is Tracey calling from {Your Bank}.

We’ve blocked some suspicious overseas charges made on your card ending {last 4 digits of your card}, and we’d like to check on these with you, if that’s OK.

Before we can do that I need to run you through some security checks.

Can you please confirm the billing address for the card is correct?

Great thanks. Can you please confirm your mother’s maiden name? 

OK, we’re good to go. Have you been to a restaurant called La Roux earlier today? Spending $43.20?

No, OK, we’ll need to cancel your card and issue you a new one.

Don’t worry, we can get the new card to you quickly, if I get this processed now I can get it to you in the next 48hrs.

To make things easy for you I can make sure the same PIN number is used so you will be able to use the card straight away.

If you can confirm your PIN number I’ll get that added.

Awesome, that is done, your new card is on its way.

As you can see the scammer now has your card number, answer to your security question and current PIN number.

This example would be carried out after a wallet has been stolen. The initial information comes from a receipt found in your wallet.

Hi {your name},

This is Tracey from {names a store you have a receipt from found in your wallet}, you’ve won a gift card worth $150 that you can pick up next time you are in the {names location of the store from the receipt} store.

To secure the card for you I need to put a PIN number on the it, what PIN number would you like me to add to the card?

All done. That card will be waiting for you in store.

Have a good day.”

Unfortunately, most people will provide their own banking PIN number, because by human nature, we’re lazy and use the same PIN numbers or passwords for multiple purposes.