Tag Archives: cyber security

Who do you forward a phishing email to?

We have an email address to send phishing scams to.
However you need to do it in a particular way:

  1. Create a new email message, addressed to report-phishing@canterbury.ac.nz
  2. Drag the phishing email from your email Inbox and drop it onto the new email message. This adds the phishing email as an attachment to the new email message – this is an important step because ITS need the internet header of the scam email.

You might be wondering why you can’t just forward the phishing email? By attaching the email you ensure that the phishing email’s sender header information is included too, and ITS need that information.

Further reading:

For great time-saving tips, look up our Archive of Tech Tips or look through the Technology Information for Staff website.

Was this tip helpful to you? Anything else you want to know? Please leave a comment below.

You’ll find more learning at Learning and Development.

How to Spot a Phishing Scam

How to spot a phishing scam

Cyber-criminals are targeting the University, and you, right now. They are trying to trick you into revealing passwords, clicking links, buying things, giving away personal information, altering the behaviour of the device you use, and a lot more. If you are thinking “it can’t happen to me”, or “why would they bother with me?”, consider this. Cyber-criminals are using you as a stepping stone to the things that are valuable to them. Most of these scam emails are being intercepted by your personal SPAM filter, and in the case of your UC email, the University’s PreciseMail SPAM filter. But some could still get through to your inbox.

So, what is a phishing email?

A phishing email is an email that encourages you to take a specific action. That action leads to a compromise of your security or the University’s security. It could use you to become part of a criminal chain of events.

What can be particularly confusing about a phishing email is that it can even appear to come from someone you know and trust.

Tips to help you spot a phishing email

– Strange requests. Would the person you think the email is from really ask you to do that?

– The sender’s email address seems odd or contains an odd ending. For example, the email address is strangename.firstname.lastname@canterbury.ac.nz,
or firstname.lastname@hotmail.com instead of firstname.lastname@canterbury.ac.nz

– The message contains a mismatched URL (link to click). Even if a URL/link in an email appears to be perfectly valid. However, if you hover your mouse over the top of the URL/link, you should see the actual hyperlinked address. If the hyperlinked address is different from the address that is displayed, the message is probably fraudulent or malicious, and you should not click it.

– The message contains poor spelling and grammar.

– You didn’t initiate the action.

– The message asks for personal information.

– You’re asked to spend money or send money.

– Something just doesn’t look right. Be suspicious.

What should you do?

– Think before you click! Does the email fit any of the “red flags” listed above?

– Never give out personal information – as a general rule, you should never share personal or financially sensitive information over the internet. Most phishing emails will direct you to pages where entries for financial or personal information are required.

– Make it a habit to check the address of the website and the email address of the sender. A secure website always starts with https. Does the sender’s email address seem odd?

– Be skeptical, not curious. If in doubt, don’t!

– Most of all, rely on common sense. You can’t win a contest you didn’t enter. Your bank won’t contact you using an email address you never registered. Microsoft did not “remotely detect a virus on your PC.” These are all warning signs, think before you click, and never give out your password or financial info unless you’re properly signed into your account.

Have you also read our Tech Tip: Cyber security: yes, lock your doors



IT policy changes in response to cyber security environment

The IT Policy Framework has been reviewed and amended in response to an increasingly complex cyber security environment. Here, Alex Hanlon, Executive Director | Kaihautū Matua, Learning Resources | Te Ratonga Rauemi Ako  highlights  some of the important changes.

UC wishes to increase our monitoring of computer use – this will affect you and any device, UC or otherwise, that you might use to work on.

• The IT Policy Framework (“the Policy”) is the overarching document that describes the relationship between the IT services provided by the University.

• The Internet Usage Policy defines what the University considers appropriate usage of the internet and how access to the internet will be managed and monitored.

These Policies are reviewed annually in response to changing demands.

As you will be aware, the cyber-security landscape is constantly evolving. As a result of this increasing threat, it has become necessary to increase our defences with regards to the threats posed by those who misuse technology against individuals and organisations.

With this in mind, the Policy has been updated to encompass further measures around enforcement and monitoring to ensure that the UC IT environment is more safe and secure. The updated policy has been approved by the University Senior Management Team.

The Policy has always permitted IT Services to undertake monitoring, but the scope and circumstances of that monitoring have been less than what is now proposed. IT Services will now be continually and increasingly monitoring all aspects of the University’s IT systems and devices that are connected to these systems. This means that IT Services will use a range of monitoring tools to constantly scan for, and check characteristics of all files and devices that use the UC network, and our IT systems.

There are two main areas of the policy that have changed;

1. The first is in the case of non-University owned devices. You are no longer encouraged to connect your own devices to University network and IT systems (although there is no prohibition on you doing so), however if you do connect your own devices to the University IT systems, you must accept that non-UC devices are subject to monitoring, and if necessary, investigation. All investigations will continue to be carried out in accordance with UC procedures which take account of UC’s privacy obligations.

2. The Policy makes clear that University IT resources are not provided for personal use purposes; anything that you have on any University-provided system that you might consider “personal” (including files, photos, music and video) is subject to monitoring and investigation. For the avoidance of doubt, the scope includes the University email systems.

UC appreciates that these changes will have far-reaching consequences, and therefore system-wide monitoring under the IT Policy Framework and Internet Usage Policy will not take immediate effect, but will come into force on 1 January 2019.

We encourage you to take the opportunity to remove any personal files/emails that you do not want to be the subject of the University monitoring activities before the summer holidays.

As part of our increasingly aggressive cyber-defence approach, the University is also trying to make everyone aware of cyber-risks that we are all subject to; you will begin to see posters, Intercom and Insider’s Guide posts, information on digital usage, all providing tips on how to help you identify threats and to reduce your own cyber risk profile and flow on effects to UC network and IT systems.

Keep an eye out for future updates.

For further information please contact Andy Keiller, Chief Information Officer: andy.keiller@canterbury.ac.nz.



Cyber security: yes, lock your doors

It’s National Cyber Smart Week.

Are you still leaving your digital security wide open? So many people do. But so many people get hacked, and…

Don’t wait until it’s too late!

Start moving in the right direction now.
Here are 2 great links to help you get started:

Link 1: Protect your online self this Cyber Smart Week

Link 2: Keen to know where to start with cyber security? Learn the basics here.

For great time-saving tips, look up our Archive of Tech Tips or look through the the Technology Information for Staff website.

Was this tip helpful to you? Anything else you want to know? Please leave a comment below.

You’ll find more learning at Learning and Development.