Cyber security: scams and phishing

Welcome back to our five-part coverage of Cyber Security. We’ve already shared with you how to be safe at home and how to encrypt your devices. This week is about scams and phishing.

We’re sure you’re already aware of the multiple scams doing the rounds. We bet you’ve already had to help out or remind a few family members and friends that Microsoft hasn’t called needing remote access to their computers. Nor can back taxes be paid with Apple iTunes cards. And the UK Lottery hasn’t tracked them down as the winner of a prize, especially as they’ve NEVER played the UK Lottery.

But we digress.

Scams come in multiple forms, including emails, text messages, instant messaging and phone calls. The most common reasons for a scam are to get money easily, quickly and untraceably, or to gain access to your sensitive and identifying information. However, scams such as ‘let me use your bank account’ can often be a front for the more serious crime of money laundering. You need to be vigilant when checking messages.

Digital Solutions asks you to consider the three red flags of a scam.

  1. Authority (do communications come from a seemingly authoritative figure?)
  2. Urgency (is the person instilling a sense of urgency to take action?)
  3. Dire Consequences (is the person threatening dire consequences or trying to cause fear?)

Chances are the CEO of a company doesn’t feel the need to email you directly, at least not straight away! And beware of ‘urgent’ wording; it’s designed to make you respond in a panic. Take your time and contact the numbers on official websites to confirm whether you have been messaged and what steps to take. Finally, you are probably not going to be sent to jail if you don’t pay a fine within the next 2 hours.

Other points to note:

  • Asking you to confirm or disclose your account details – Griffith University will never ask you for your password
  • Web or email address is not quite right e.g.
    • jane@gmail.com instead of jane@griffith.edu.au
    • john@appl.com instead of john@apple.com
    • griffithu.org instead of griffith.edu.au
  • Web addresses can be checked by hovering over weblinks. Look for the domain at the end, after ‘domain=’; this is where the link will take you
  • Spelling mistakes and poor grammar in the email
  • Generic salutations such as ‘Dear user’, ‘Dear valued customer’ instead of using your name
  • Work related emails sent outside of reasonable business hours
  • Reply address does not go to the expected sender

Note: From addresses are easily spoofed/faked; however, reply addresses can’t be.

Hover or long-click links to see the actual address.
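
The address checks in the list above can also be run automatically over a message's headers. The Python below is an added example, not part of the original post; the trusted-domain list, the 0.8 similarity threshold and the sample message are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains this mailbox legitimately expects mail from.
TRUSTED = ("griffith.edu.au", "apple.com")

def domain_of(header_value):
    """Return the lower-cased domain of an address header ('' if none)."""
    address = parseaddr(header_value or "")[1]
    _, at, domain = address.rpartition("@")
    return domain.lower() if at else ""

def is_trusted(domain):
    """Exact trusted domain, or a subdomain of one."""
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED)

def is_lookalike(domain, threshold=0.8):
    """True if an untrusted domain has a label close to a trusted name."""
    if not domain or is_trusted(domain):
        return False
    brands = [t.split(".")[0] for t in TRUSTED]   # 'griffith', 'apple'
    return any(SequenceMatcher(None, label, brand).ratio() >= threshold
               for label in domain.split(".") for brand in brands)

def red_flags(raw_message):
    """List the address-based warning signs found in one raw e-mail."""
    msg = message_from_string(raw_message)
    sender, reply = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    flags = []
    for field, domain in (("From", sender), ("Reply-To", reply)):
        if domain and not is_trusted(domain):
            kind = "lookalike" if is_lookalike(domain) else "unexpected"
            flags.append(f"{field}: {kind} domain {domain}")
    if reply and reply != sender:
        flags.append("Reply-To differs from From")
    return flags

# Constructed sample: trusted-looking From, replies routed elsewhere.
SAMPLE = (
    "From: IT Service Desk <helpdesk@griffith.edu.au>\n"
    "Reply-To: helpdesk@griffithu.org\n"
    "Subject: Urgent: confirm your password\n"
    "\n"
    "Dear user, your account will be closed in 2 hours.\n"
)

if __name__ == "__main__":
    for flag in red_flags(SAMPLE):
        print(flag)
```
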

Before you get too sure you wouldn’t fall for these scams, the Nigerian Prince scam still takes over $700,000 a year. We often think we are smart enough to spot a fraud, and sometimes, that’s what they rely on.

Your best line of defence is being aware of current scams doing the rounds. And our best line of defence is you keeping us safe while we keep all our students and staff safe.

If you believe you have been compromised, change your passwords immediately and contact any institution the scammer claims to be associated with.

We will list known scams on our cyber security page, however you can also check them out on Stay Smart Online and Scamwatch – both operated by the Australian Government.

Alerts, News and Advisories

 
