Tag Archives: cybersecurity

Who do you forward a phishing email to?

We have an email address to send phishing scams to.
However you need to do it in a particular way:

  1. Create a new email message, addressed to report-phishing@canterbury.ac.nz
  2. Drag the phishing email from your email Inbox and drop it onto the new email message. This adds the phishing email as an attachment to the new email message – this is an important step because ITS need the internet header of the scam email.

You might be wondering why you can’t just forward the phishing email? By attaching the email you ensure that the phishing email’s sender header information is included too, and ITS need that information.

Further reading:


For great time-saving tips, look up our Archive of Tech Tips or look through the Technology Information for Staff website.

Was this tip helpful to you? Anything else you want to know? Please leave a comment below.

You’ll find more learning at Learning and Development.

How to Spot a Phishing Scam

How to spot a phishing scam

Cyber-criminals are targeting the University, and you, right now. They are trying to trick you into revealing passwords, clicking links, buying things, giving away personal information, altering the behaviour of the device you use, and a lot more. If you are thinking “it can’t happen to me”, or “why would they bother with me?”, consider this. Cyber-criminals are using you as a stepping stone to the things that are valuable to them. Most of these scam emails are being intercepted by your personal SPAM filter, and in the case of your UC email, the University’s PreciseMail SPAM filter. But some could still get through to your inbox.

So, what is a phishing email?

A phishing email is an email that encourages you to take a specific action. That action leads to a compromise of your security or the University’s security. It could use you to become part of a criminal chain of events.

What can be particularly confusing about a phishing email is that it can even appear to come from someone you know and trust.

Tips to help you spot a phishing email

– Strange requests. Would the person you think the email is from really ask you to do that?

– The sender’s email address seems odd or contains an odd ending. For example, the email address is strangename.firstname.lastname@canterbury.ac.nz,
or firstname.lastname@hotmail.com instead of firstname.lastname@canterbury.ac.nz

– The message contains a mismatched URL (link to click). Even if a URL/link in an email appears to be perfectly valid. However, if you hover your mouse over the top of the URL/link, you should see the actual hyperlinked address. If the hyperlinked address is different from the address that is displayed, the message is probably fraudulent or malicious, and you should not click it.

– The message contains poor spelling and grammar.

– You didn’t initiate the action.

– The message asks for personal information.

– You’re asked to spend money or send money.

– Something just doesn’t look right. Be suspicious.

What should you do?

– Think before you click! Does the email fit any of the “red flags” listed above?

– Never give out personal information – as a general rule, you should never share personal or financially sensitive information over the internet. Most phishing emails will direct you to pages where entries for financial or personal information are required.

– Make it a habit to check the address of the website and the email address of the sender. A secure website always starts with https. Does the sender’s email address seem odd?

– Be skeptical, not curious. If in doubt, don’t!

– Most of all, rely on common sense. You can’t win a contest you didn’t enter. Your bank won’t contact you using an email address you never registered. Microsoft did not “remotely detect a virus on your PC.” These are all warning signs, think before you click, and never give out your password or financial info unless you’re properly signed into your account.

Have you also read our Tech Tip: Cyber security: yes, lock your doors

 

 

Cyber security: yes, lock your doors

It’s National Cyber Smart Week.

Are you still leaving your digital security wide open? So many people do. But so many people get hacked, and…

IT CAN HAPPEN TO YOU!!!
Don’t wait until it’s too late!

Start moving in the right direction now.
Here are 2 great links to help you get started:

Link 1: Protect your online self this Cyber Smart Week

Link 2: Keen to know where to start with cyber security? Learn the basics here.


For great time-saving tips, look up our Archive of Tech Tips or look through the the Technology Information for Staff website.

Was this tip helpful to you? Anything else you want to know? Please leave a comment below.

You’ll find more learning at Learning and Development.

The Life And Times Of Your Passwords

Let’s talk passwords. Exciting isn’t it?

But wait: do you use a key for your front door? Are you happy giving it to strangers? No? Well, this is the same thing, so it’s important we think about how secure our digital life is too. Being digitally security-aware is just as important as being home security-aware.

Here’s the thing, remember three passwords, and that’s it:

  1. Your bank password – don’t use this for anything else
  2. Your work password – don’t use this for anything else
  3. Your password manager password – don’t use this for anything else. Keep reading, to find out what a password manager is and how it can make your life easier.

It’s simple, some accounts are more important than others, especially your work and your bank, so have individual passwords for them, and then one more for your password manager.

Have you fallen into the trap of using the same password for everything?
It sounds like a clever strategy to avoid forgetting which is which, but have you noticed how those online security breaches just seem to keep happening? That clever strategy of yours means that sooner or later your password to everything is going to get into the wrong hands, and then someone else has your password to everything. Not good.

Tip 1: Don’t use the same password in multiple places.

OK, so how do you remember multiple passwords?
Answer: you don’t.

Tip 2: Use a password manager.
A password manager is like a locked safe containing a different password for every site you need one for (this is a very good thing), and it applies the right password for each site when you need it. Basically, it keeps track of all those passwords that are not your work and bank passwords. To get into your password manager, you use a “master” password, which should be a long and unguessable password. An odd sentence with no spaces works well – but “theywillneverguessthisone” has already been figured out, so be more clever than that. If someone can guess your master password, they can get to all your passwords, so be diligent about that long and unguessable password.

Sometimes you can use two factor authentication to make this master password even more secure. (Two factor authentication is a process whereby after you enter a password into the system, you then need to do something else with something you have, such as entering a code that the system sent to your (preregistered) cellphone, or entering a number displayed on a token, or inserting or touching a special USB device.)

Some Password managers you might to look at are Lastpass, Keepass or Dashlane.

Here is an article and some videos about the value of using Password managers:

https:///washingtonpost.com/technology/2018/07/12/your-password-has-likely-been-stolen-heres-what-to-do-about-it


Check out our Archive of Tech Tips. Click the link, then press the ‘End’ key on your keyboard to jump to the end of the Archive list where the most recent Tips are.

Was this tip helpful to you? Anything else you want to know? Please leave a comment below.

You’ll find more learning at Learning and Development.