Tag Archives: Phishing

Email phishing exercise

Did you know approximately 45% of the world’s sent email is SPAM? While some SPAM email can be harmless enough, other SPAM is used to target and exploit personal information and data form people or alter the behaviour of the device they are using.

To help us understand how well we are supporting and informing UC staff and students on cyber security we will be carrying out random phishing test exercises over the next few weeks.

The exercise will involve sending emails that use techniques similar to those used by cyber criminals to encourage the recipient to take a specific action. We will send these to a random group of UC email addresses and monitor the outcome. No personal information of individuals in the test group will be retained.

We take this kind of exploitative SPAM email seriously and employ a number of tools to reduce the amount that makes it to your inbox. The most effective way to reduce harm to you, your data and UC is to be aware of techniques being used by cyber criminals and to make you aware of what to look for, how to react and who to report incidents to.

More information about how to spot phishing email and what to do if you receive a phishy email, check out UC’s cyber security webpage>

If you have any questions or concerns please contact the ITS Service Desk on 0508 UC IT HELP (0508 824 843) or on 03 369 5000.

Tips to spot a phishing scam

Can you imagine the headache you’d have if a hacker got access to your social media, banking, dating, or email login details? But you wouldn’t just hand this kind of information over to a stranger would you?

Hmm, here are some basic tips to spotting a scam.

Consider these before opening an email that you weren’t expecting to receive.

  • Is the spelling and grammar in the message correct?
  • Does the link and the text match (hover your mouse over the link and you’ll see where it really goes).
  • Does the email urge you to take immediate action?
  • Does the email address of the sender look reasonable given the content of the email?
  • Look at the salutation (does it say ‘Dear Customer’)?
  • Look at the signature, a lack of details or how you can contact the company suggests phishing.
  • Are you even expecting an email from that sender?
  • Is the message asking you to do something unusual? (eg. buy iTunes cards).

Together we can make a difference, but what should you do next?

If you think it’s a phishing email or spam:

If the message is plausible:

  • go to the website of the service, or bank yourself (don’t click that link in the email), then log in and see if you have any messages
  • if it’s someone sharing a file or similar with you, contact the person (in a new email not by using ‘reply’) and ask them.

If you’re not be sure, treat it with caution and report it

It it amazing what hackers can do with access to your device, they get access to EVERYTHING you do on that device which can take a massive toll on you individually and damage your relationships.

  • You could lose access to your banking and social media accounts.
  • You could find all your data has been deleted or encrypted and held for ransom.
  • Your identity could be stolen,
    • loans and credit cards may be opened in your name.
    • unauthorised purchases may be billed to you.
  • You may become a victim of tax fraud.
  • You may be locked out of apps and web-based services, forever!! (Losing family photos, thesis papers etc).
  • Your electronic devices may be used as a tool of cyber-crime (sending spam or spreading malware).

See more about cyber security at UC>

Cyber attacks target Christchurch

We have been advised by NZ CERT (Cyber Security authority) that a number of opportunistic online scams and attacks are being experienced in the wake of the Christchurch attack.

The scams include:

  • Online donation fraud
  • Malware embedded in video files
  • Defacement of NZ websites and denial of service.

The scams and attacks follow these formats:

  • phishing emails containing links to fake online banking logins. These emails also contain fraudulent bank accounts where victims can make donations for the Christchurch tragedy
  • sharing malicious video files on compromised websites or on social media. A video file containing footage related to the attack had malware embedded in it and this malicious file is being shared online
  • attackers changing New Zealand websites to spread political messages about the Christchurch tragedy
  • New Zealand websites receiving threats of denial-of-service attacks, which would take them offline.

There are official channels to donate money to the victims of these tragic events. CERT NZ recommends that anyone wishing to donate seek out official platforms and banks rather than using links in emails or on social media.

What to do

  • Don’t make donations by clicking links in social media sites. Go to the official donation websites, and donate directly.
  • Don’t share video files on social media
  • If you receive an email or link and want to check it out further, send it as an email attachment to the IT Help Desk – when you do this we learn from your experience and apply learnings across UC servers, this makes it safer for everyone.

For further information contact the IT Service Desk on 0508 UC IT HELP (0508 824 843) or on 03 369 5000

Or log a ticket on the IT Self Service portal: https://assist.canterbury.ac.nz/selfservice/

Please share this information.

Email phishing test exercise

Did you know 45% of the world’s sent email is SPAM? While some SPAM email can be harmless enough, there are people out there who use email to target others, exploit their personal information and data or alter the behaviour of the device they are using.

To help us understand how well we are supporting and educating UC students and staff on cyber security we will be carrying out random phishing test exercises between now and the end of year.

The exercise will involve sending emails that use techniques similar to those used by cyber criminals to encourage the recipient to take a specific action. We will send these to a random group of UC email addresses and monitor the outcome – link clicks or attachment opens. We will only be recording the number of actions taken during the exercise and what technique was responded to. No personal information of individuals in the test group will be retained.

UC takes this kind of exploitative SPAM email seriously and employs a number of tools to reduce the amount that gets to you. The most effective way to reduce harm to you, your data and UC is to be aware of techniques being used by cyber criminals and to educate users about what to look for, how to react and who to report incidents to.

If you have any questions or concerns please contact the ITS Service Desk on 0508 UC IT HELP (0508 824 843) or on 03 369 5000.