Phishing security

Phishing comes in many forms, but primarily is a type of online identity theft.

It’s a way of fraudulently obtaining personal information by sending fake emails that look like they come from a trusted source. Typically, phishing emails ask you to click on a link to verify or update your contact details or to provide credit card information. The link takes you to a forged web page where information you submit (such as your password) can be captured and potentially used for malicious purposes.

How emails can be dangerous

Throughout RMIT there have been examples of phishing emails that look like Australia Post parcel notifications, as well as hoax Google and Dropbox file sharing notifications. They attempt to trick you into disclosing your email, phone number and other information relating to your RMIT identity.

Attackers use phishing emails as a way to:

1. Deliver file attachments that can infect your computer with malware.

2. Entice you to click on links that take you to websites that will infect your computer with malware just by visiting it.

3. Trick you into handing over your user credentials so that they can gain access to your network or other sites.

Attackers also research their targets online and via social media to find information that will make their emails sound more authentic - so it’s important not to overshare information via these channels.

Phishing attacks can be very professional and often target senior managers and their assistants within an organisation due to the level of access they have. In these instances, adhering to procedure is the best form of defence. If you receive an email asking you to bypass the usual protocols, be suspicious.

Clues to look out for

Phishing attacks can be sophisticated, so it’s smart to question any email that asks for personal information, even if it has the logo or email address of an official organisation.

To protect yourself from phishing attacks, look out for emails and messages that have these characteristics:

1. You are asked to click on links or open attachments.

2. The message creates a sense of urgency.

3. The message invokes strong emotions like greed or fear.

4. Sensitive data is requested.

To reduce the risk:

  • Look at the sender’s address. If the address doesn’t match the sender name, be suspicious.
  • Check the signature. If it’s overly generic or doesn’t follow company protocols, it could indicate that something is wrong.
  • Assess the tone. We know how our co-workers talk, so if an email sounds strange, it’s worth another look.
  • Hover your cursor over any links to see if the web address displayed matches what’s in the email. If it’s not what you’d expect, don’t click it.*

Remember that legitimate companies will never ask for passwords, tax file numbers or other sensitive data via email. And always check the URL of the site you are visiting. Phishing emails often direct you to a website that appears to look legitimate, but it’s actually used to steal your password or other sensitive data.

*RMIT stops suspicious links being accessible from RMIT staff and student email accounts.

If a link is safe, you will automatically be sent to the website you have requested. If it is not safe, a block message will be displayed.

Hovering over web links will display the Mimecast URL https://protect-au.mimecast.com so you'll know you and the University are being protected.
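As an added example (not part of the RMIT page), the following Python script applies three of the clues above to a raw email: a display name that shows a different address from the real sender, link text whose host differs from the link target (links already rewritten to protect-au.mimecast.com are skipped, since hovering is expected to show that host), and a request for a password, tax file number or credit card number. The sample message and all domains in it are constructed.

```python
import re
from email import message_from_string, policy, utils
from urllib.parse import urlparse

REWRITE_HOST = "protect-au.mimecast.com"  # the link-rewriting host named on this page
EMAIL_RE = re.compile(r"[\w.+-]+@[\w.-]+\.\w+")
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
TAG_RE = re.compile(r"<[^>]+>")
DOMAIN_RE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}([/?#]\S*)?", re.I)
SENSITIVE = ("password", "tax file number", "credit card")

def host_of(text):
    """Lower-cased hostname of a URL or bare domain; '' if the text is not one."""
    text = text.strip()
    if not DOMAIN_RE.fullmatch(text):
        return ""
    return (urlparse(text if "://" in text else "http://" + text).hostname or "").lower()

def phishing_clues(raw_message):
    """Return a list of clue strings for one raw email; an empty list means none found."""
    msg = message_from_string(raw_message, policy=policy.default)
    clues = []
    # Clue 1: the display name contains an address that differs from the real sender address.
    name, addr = utils.parseaddr(msg.get("From", ""))
    shown = EMAIL_RE.search(name)
    if shown and shown.group().lower() != addr.lower():
        clues.append(f"sender name shows {shown.group()} but address is {addr}")
    # Clue 2: the visible link text names one host while the href goes somewhere else.
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    for href, inner in ANCHOR_RE.findall(html):
        if host_of(href) == REWRITE_HOST:
            continue  # rewritten by the filter: hovering shows this host on purpose
        shown_host = host_of(TAG_RE.sub("", inner))
        if shown_host and shown_host != host_of(href):
            clues.append(f"link text says {shown_host} but goes to {host_of(href)}")
    # Clue 3: the message asks for data a legitimate organisation never requests by email.
    plain = TAG_RE.sub(" ", html).lower()
    for word in SENSITIVE:
        if word in plain:
            clues.append(f"message asks for a {word}")
    return clues

# Constructed sample (not a real phishing email) so the checks can run stand-alone.
SAMPLE = """\
From: "accounts@rmit.edu.au" <billing@mail-rmit-update.example>
Content-Type: text/html; charset=utf-8

<p>Please confirm your password at <a href="http://login.rmit-verify.example/">https://my.rmit.edu.au</a> within 24 hours.</p>
"""
```

Running `phishing_clues(SAMPLE)` reports all three clues; a message from a plain display name whose links point at the rewrite host reports none.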

Improved phishing protection

We’ve rolled out an enhanced email security service to all staff and student RMIT email accounts.

This service from Mimecast stops suspicious web links in email from being accessed, to better protect staff and students from spam, phishing and ransomware.

If you click a link within an email and it's safe, you will be sent directly to the website. If it is not safe, a block message will be displayed. You will no longer need to hover your cursor over web links in your emails to confirm legitimacy.

Note: This does not affect any of your personal email accounts, so you will need to remain vigilant against security attacks.

If you have any queries, please contact the Service and Support Centre.

About attachments

For years malware has been spread through files attached to email messages. Spear-phishers use file attachments to install malicious files like keystroke loggers to steal credentials and Trojan horses that allow them access to your network.

Identifying malicious attachments can be tricky, even for the experts. However, there are a few things that indicate an attachment could be malicious:

1. The attachment is out of context, for instance, you receive a file named Payroll yet you work in Student Services.

2. You weren't expecting an attachment.

3. The file type is out of place, for example, you are asked to review a document and the file extension is .exe.

Phishers can change the name of a file extension to make it look innocent, and also hide malicious files in a ZIP file. Therefore it’s always important that you remain alert whenever you receive an email with file attachments.
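As an added example (not code from the RMIT page), this Python script checks an attachment for the three warning signs above: an executable file type, a document extension hidden in front of the real one (Invoice.pdf.exe), and a file whose leading bytes do not match what its name claims. It also looks inside ZIP archives, since the page notes malicious files are often hidden there. The sample archive and its file names are constructed.

```python
import io
import zipfile

# File types that should not arrive where a document is expected (the page's .exe example).
EXECUTABLE_EXTS = {"exe", "scr", "js", "vbs", "bat", "cmd", "msi", "jar", "hta", "ps1"}
# Leading bytes that reveal what a file really is, whatever its name claims.
MAGIC = {b"MZ": "Windows executable", b"%PDF": "PDF", b"PK\x03\x04": "ZIP/Office package"}
# Which document extensions legitimately start with which leading bytes.
EXPECTED = {"pdf": "PDF", "docx": "ZIP/Office package", "xlsx": "ZIP/Office package",
            "zip": "ZIP/Office package"}

def real_type(data):
    """Classify a file by its leading bytes rather than by its name."""
    for magic, label in MAGIC.items():
        if data.startswith(magic):
            return label
    return "unknown"

def attachment_clues(filename, data, depth=0):
    """Return clue strings for one attachment; ZIP members are checked too (two levels deep)."""
    clues = []
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    kind = real_type(data)
    if ext in EXECUTABLE_EXTS:
        clues.append(f"{filename}: executable file type (.{ext})")
    if len(parts) > 2 and parts[-2] in EXPECTED:
        clues.append(f"{filename}: document extension hidden before .{ext}")
    if ext in EXPECTED and kind != EXPECTED[ext]:
        clues.append(f"{filename}: named .{ext} but content is {kind}")
    if ext == "zip" and kind == "ZIP/Office package" and depth < 2:  # depth limit: no unbounded nesting
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.infolist():
                if not member.is_dir():
                    clues += attachment_clues(member.filename, zf.read(member), depth + 1)
    return clues

def build_sample_zip():
    """Constructed test archive: a double-extension executable, a fake .docx and a real PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice.pdf.exe", b"MZ\x90\x00" + b"\x00" * 60)
        zf.writestr("Payroll.docx", b"MZ\x90\x00" + b"\x00" * 60)
        zf.writestr("notes.pdf", b"%PDF-1.4\n%constructed sample\n")
    return buf.getvalue()
```

Calling `attachment_clues("parcel.zip", build_sample_zip())` reports the two problems with Invoice.pdf.exe and the mismatched Payroll.docx, and nothing for notes.pdf.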

Forged web pages

Some phishing attacks try to trick victims into handing over sensitive data (such as usernames and passwords) by presenting them with a fake login form. The login form appears to be authentic, but the site is really controlled by ‘bad guys’ so that anything entered into the form is captured by the attacker.

1. As a consumer, phishers target things like your finances and accounts.

2. As a computer user, they want to gain control of your computer and/or network.

3. As an employee, they target things like intellectual property and other resources in your organisation's network.

Hackers target people across all organisations, from those in leadership positions to entry-level employees and students. No matter what your role at RMIT, everyone is a potential target.

Holiday season attacks

The end of year period is a busy time - juggling end of year work commitments, planning social festivities and organising last minute shopping and gifts. It’s a time when we may let our guard down around online security - however statistics show that we should be increasing our diligence.

Attackers have a number of potential topics and opportunities they can use to play on our emotions and slip under the radar over this period. Scammers will craft plenty of phishing emails under the guise of holiday e-cards, party invitations, product deals and discounts, travel notifications and package delivery updates.

See this infographic for holiday threats to be wary of.

Ransomware

Ransomware is an increasingly common online threat. It is a type of malicious software that holds the contents of a computer hostage by infecting it in some way and demanding that the user pay a ransom to remove the restriction.

Perpetrators can gain access in a variety of ways. One is to send a message that looks to be from a legitimate company, asking you for payment or to download new software. Once you click a link in one of these messages, or visit a malicious or compromised website, they are able to stop you accessing your files or using your computer.

How can I protect myself?

  • Make sure you regularly back-up your data to a portable drive or other secure location, such as a shared folder
  • Bookmark frequently visited websites to ensure you limit the chances of accessing fraudulent sites
  • Verify email sources by checking the sender’s details
  • Ensure you have antivirus software and the latest updates installed on your device
  • Don’t install programs from untrusted sources.

What if I’m compromised?

If you get caught out:

  • Don’t pay the ransom as there is no guarantee access to your system will be restored.
  • Contact the Service and Support Centre for immediate advice and assistance.

Tagging Phishing and Spam emails

1. Open the suspect email in Google mail.

2. Select the More dropdown menu (next to the Reply arrow).

3. Choose Report phishing or Report spam.

Remember to post examples of the phishing emails you’ve received on myCommunity so we can all be on the lookout.