Tag Archives: cyber security

Longer passwords are stronger passwords

It’s simple: the longer your password is, the stronger it is. A password of 12 characters is estimated to be 13 million times stronger than an 8-character password, and a 16-character password is estimated to be over 166 trillion times stronger than an 8-character password.

At UC we recommend you use passwords of 10-16 characters in length for UC systems. But let’s take a minute to talk about passwords. Exciting, isn’t it?

Do you use a key for your front door? Are you happy giving it to strangers? No? This is the same thing, so it’s an important conversation and worth having. Being digitally security-aware is just as important as being home security-aware.

Here’s the thing:

Remember just three passwords, and that is it:

  1. Your bank password – don’t use this for anything else
  2. Your work password – don’t use this for anything else
  3. Your password manager password – don’t use this for anything else. See more about password managers at www.canterbury.ac.nz/its/cybersecurity

Why? Some accounts are more important than others, especially your work and your bank, so have individual passwords for them, and then one more for your password manager.

Tips to create a strong password:

  • Don’t use common dictionary words – e.g. orange, car, password
  • Don’t use sequential letters or numbers – e.g. 12345, abcde
  • Don’t use repeated letters/numbers or keyboard patterns – e.g. 111, aaa, qwerty, asdfgh

Longer passwords are stronger passwords – as long as you stick to the rules above too.

Are you using the same password for everything?

It sounds like a clever strategy to avoid forgetting which is which, right? But have you noticed how those online security breaches just seem to keep happening? Using the same password means that if it falls into the wrong hands, then that person has your password to everything. It’s worth taking a moment to think about what that could include.

To find out more about cyber security at UC, visit www.canterbury.ac.nz/its/cybersecurity

Tips to spot a phishing scam

Can you imagine the headache you’d have if a hacker got access to your social media, banking, dating, or email login details? But you wouldn’t just hand this kind of information over to a stranger, would you?

Hmm, here are some basic tips for spotting a scam.

Consider these before opening an email that you weren’t expecting to receive.

  • Are the spelling and grammar in the message correct?
  • Do the link and the text match? (Hover your mouse over the link and you’ll see where it really goes.)
  • Does the email urge you to take immediate action?
  • Does the email address of the sender look reasonable given the content of the email?
  • Look at the salutation (does it say ‘Dear Customer’?).
  • Look at the signature: a lack of details, or of how you can contact the company, suggests phishing.
  • Are you even expecting an email from that sender?
  • Is the message asking you to do something unusual (e.g. buy iTunes cards)?

Together we can make a difference, but what should you do next?

If you think it’s a phishing email or spam:

If the message is plausible:

  • go to the website of the service, or bank yourself (don’t click that link in the email), then log in and see if you have any messages
  • if it’s someone sharing a file or similar with you, contact the person (in a new email not by using ‘reply’) and ask them.

If you’re not sure, treat it with caution and report it.

It is amazing what hackers can do with access to your device: they get access to EVERYTHING you do on that device, which can take a massive toll on you individually and damage your relationships.

  • You could lose access to your banking and social media accounts.
  • You could find all your data has been deleted or encrypted and held for ransom.
  • Your identity could be stolen:
    • loans and credit cards may be opened in your name.
    • unauthorised purchases may be billed to you.
  • You may become a victim of tax fraud.
  • You may be locked out of apps and web-based services, forever!! (Losing family photos, thesis papers etc).
  • Your electronic devices may be used as a tool of cyber-crime (sending spam or spreading malware).

See more about cyber security at UC.

Cyber attacks target Christchurch

We have been advised by NZ CERT (Cyber Security authority) that a number of opportunistic online scams and attacks are being experienced in the wake of the Christchurch attack.

The scams include:

  • Online donation fraud
  • Malware embedded in video files
  • Defacement of NZ websites and denial of service.

The scams and attacks follow these formats:

  • phishing emails containing links to fake online banking logins. These emails also contain fraudulent bank accounts where victims can make donations for the Christchurch tragedy
  • sharing malicious video files on compromised websites or on social media. A video file containing footage related to the attack had malware embedded in it and this malicious file is being shared online
  • attackers changing New Zealand websites to spread political messages about the Christchurch tragedy
  • New Zealand websites receiving threats of denial-of-service attacks, which would take them offline.

There are official channels to donate money to the victims of these tragic events. CERT NZ recommends that anyone wishing to donate seek out official platforms and banks rather than using links in emails or on social media.

What to do

  • Don’t make donations by clicking links in social media sites. Go to the official donation websites, and donate directly.
  • Don’t share video files on social media
  • If you receive an email or link and want to check it out further, send it as an email attachment to the IT Help Desk. When you do this, we learn from your experience and apply the learnings across UC servers, which makes it safer for everyone.

For further information contact the IT Service Desk on 0508 UC IT HELP (0508 824 843) or on 03 369 5000

Or log a ticket on the IT Self Service portal: https://assist.canterbury.ac.nz/selfservice/

Please share this information.

Who do you forward a phishing email to?

We have an email address to send phishing scams to. However, you need to do it in a particular way:

  1. Create a new email message, addressed to report-phishing@canterbury.ac.nz
  2. Drag the phishing email from your email Inbox and drop it onto the new email message. This adds the phishing email as an attachment to the new email message – this is an important step because ITS need the internet header of the scam email.

You might be wondering why you can’t just forward the phishing email? By attaching the email you ensure that the phishing email’s sender header information is included too, and ITS need that information.
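The difference between forwarding and attaching can be checked with Python's standard `email` package. The following is an added example, not part of the original tip or any ITS tooling: the sample message, its hosts and addresses are constructed, and the function names are hypothetical.

```python
from email import message_from_bytes, message_from_string, policy
from email.message import EmailMessage

# Constructed sample of a delivered phishing email; every host and address is made up.
RAW_PHISH = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.7])
 by mx.example.org with ESMTP; Mon, 01 Jan 2024 09:00:00 +1300
Authentication-Results: mx.example.org; spf=fail
From: "IT Help Desk" <helpdesk@example.net>
To: staff.member@example.org
Subject: Mailbox full - verify now
Content-Type: text/plain; charset="utf-8"

Your mailbox is full. Verify your password immediately.
"""
TRANSPORT_HEADERS = ("Return-Path", "Received", "Authentication-Results")

def load_sample():
    """Parse the constructed sample into a message object."""
    return message_from_string(RAW_PHISH, policy=policy.default)

def forward_inline(original, to):
    """Plain 'Forward': a new message that only quotes From, Subject and the body."""
    fwd = EmailMessage()
    fwd["To"], fwd["Subject"] = to, "Fwd: " + str(original["Subject"])
    fwd.set_content(f"---- Forwarded message ----\nFrom: {original['From']}\n"
                    f"Subject: {original['Subject']}\n\n{original.get_content()}")
    return fwd

def report_as_attachment(original, to):
    """Drag-and-drop equivalent: the whole original travels as message/rfc822."""
    report = EmailMessage()
    report["To"], report["Subject"] = to, "Suspected phishing email"
    report.set_content("Reporting the attached message.")
    report.add_attachment(original)
    return report

def surviving_headers(report):
    """Re-parse the report as the recipient would; return the original's transport headers."""
    parsed = message_from_bytes(report.as_bytes(), policy=policy.default)
    for part in parsed.walk():
        if part.get_content_type() == "message/rfc822":
            inner = part.get_payload(0)
            return {h: str(inner[h]) for h in TRANSPORT_HEADERS if inner[h]}
    return {}
```

Only the attached form hands the receiving team the `Received` chain and authentication results they need to trace where the message really came from.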


How to Spot a Phishing Scam

Cyber-criminals are targeting the University, and you, right now. They are trying to trick you into revealing passwords, clicking links, buying things, giving away personal information, altering the behaviour of the device you use, and a lot more. If you are thinking “it can’t happen to me”, or “why would they bother with me?”, consider this. Cyber-criminals are using you as a stepping stone to the things that are valuable to them. Most of these scam emails are being intercepted by your personal SPAM filter, and in the case of your UC email, the University’s PreciseMail SPAM filter. But some could still get through to your inbox.

So, what is a phishing email?

A phishing email is an email that encourages you to take a specific action. That action leads to a compromise of your security or the University’s security. It could use you to become part of a criminal chain of events.

What can be particularly confusing about a phishing email is that it can even appear to come from someone you know and trust.

Tips to help you spot a phishing email

– Strange requests. Would the person you think the email is from really ask you to do that?

– The sender’s email address seems odd or contains an odd ending. For example, the email address is strangename.firstname.lastname@canterbury.ac.nz, or firstname.lastname@hotmail.com instead of firstname.lastname@canterbury.ac.nz

– The message contains a mismatched URL (link to click). A URL/link in an email may appear to be perfectly valid. However, if you hover your mouse over the URL/link, you should see the actual hyperlinked address. If the hyperlinked address is different from the address that is displayed, the message is probably fraudulent or malicious, and you should not click it.

– The message contains poor spelling and grammar.

– You didn’t initiate the action.

– The message asks for personal information.

– You’re asked to spend money or send money.

– Something just doesn’t look right. Be suspicious.

What should you do?

– Think before you click! Does the email fit any of the “red flags” listed above?

– Never give out personal information – as a general rule, you should never share personal or financially sensitive information over the internet. Most phishing emails will direct you to pages where entries for financial or personal information are required.

– Make it a habit to check the address of the website and the email address of the sender. A secure website’s address always starts with https, but https alone does not mean the site is genuine, so check the domain name too. Does the sender’s email address seem odd?

– Be skeptical, not curious. If in doubt, don’t!

– Most of all, rely on common sense. You can’t win a contest you didn’t enter. Your bank won’t contact you using an email address you never registered. Microsoft did not “remotely detect a virus on your PC.” These are all warning signs. Think before you click, and never give out your password or financial info unless you’re properly signed into your account.

Have you also read our Tech Tip “Cyber security: yes, lock your doors”?