Don't get phished - personalised bait

The email or message will appear to come from someone you know or work with, and appear to be entirely legitimate and correctly formatted and branded, but will ask you to do something you probably don’t commonly do, or that you don’t normally do through a request in this manner. A common example is receiving an email or text that appears to be from your manager or someone else you trust, asking you to transfer funds to a specified bank account that in fact belongs to the criminals sending the message. (Note – UC processes don’t allow this actual example to happen, but it has happened in other organisations that have less-robust processes).

The key to a spear phishing attack is that it is addressed to you personally, looks believable, and asks you to do something that would involve you transferring money, giving access to secure or confidential accounts, or revealing your login credentials.

But how do they know me?

Spear-phishing attackers target victims who put personal information on the internet. They might view individual profiles while scanning a social networking site. From a profile, they will be able to find a person’s email address, friends list, geographic location, and any posts about new gadgets that were recently purchased. Not you? You don’t put personal information on the internet? Well what about sites that you are registered to – for example, Yahoo, Gmail, Amazon, Book Depository, Fishpond, etc – organisations like that get hacked too, and then the hackers have your details. 

Hackers and cyber-criminals can do amazing things with access to everything on your device or your personal credentials which can take a massive toll on your personal and professional life. 

The potential costs to you (and others) of being hacked:

• You could find all your data has been deleted or encrypted and held for ransom.
• The University network could be locked down – stopping staff and students from being able to work – and requiring millions of dollars and weeks or months to fix.
• You could lose access to your banking and social media accounts.
• Your identity could be stolen
  • Loans and credit cards may be opened in your name (which you are held legally liable for) – imagine discovering that you owe hundreds of thousands of dollars and are legally required to pay it back?.
  • Your credit record could be tarnished.
  • Unauthorised purchases may be billed to you.
  • You may become a victim of tax fraud.
  • You may be locked out of apps and web-based services, forever!! (Losing family photos, thesis papers etc. Do you have these backed up??).
• Your electronic devices may be used as a tool of cyber-crime (sending spam or spreading malware).
• You could suffer damage to your personal reputation, career opportunities, and relationships.
• You could be used as a conduit to other cyber-crimes and criminal activities (including possible sex trafficking, child exploitation, money laundering, terrorism, etc).
• You could be used as a cover for cyber-bullying or exploitation.
• You could be exposed to increased risk of mental health issues, self-harm/suicide (due to emotional fall out of being a victim of crime).

So how do you avoid being spear phished?

The best protection against phishing scams is awareness. Question unexpected messages, and report and delete them if they are suspicious. Be aware of what personal information you post on the Internet - always remember that what you put on the internet is available for 7.7 billion to see!! That’s everybody.

Read How to Spot a Phishing Scam.

If you think you’ve been phished, contact the IT Service Desk immediately.