Monday 6 February 2017

It's phishing season

Carrying on from our security focus over the past two weeks, we have seen a dramatic increase in the number of phishing attempts directed at the education sector.  Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.  They are often sophisticated and look genuine.
Recent examples have had subject lines like "You have received a secure message" or "Matt has a secure message waiting for you".  The content then has various legitimate logos and words inviting you to collect your document via link.  To the trained eye there is something not quite right about them.
You can learn how to spot phishing email messages by reading the eSolutions intranet page at http://intranet.monash.edu.au/esolutions/news/protect-your-email.html.
Ransomware
Often these phishing attempts result in the delivery of Ransomware onto your computer.  This is malicious software that infects your computer and then encrypts your local data and data on shared rives where there is access. It then directs you to a web site extorting you for money in order to supply the decryption key.
If you suspect you may have been infected with any type of malware DO NOTHING other than contact the Service Desk immediately by phone.  We will marshal our Security & Risk team alongside our Service Centre staff to rectify the situation.
Self-Service Password Reset
One of the simplest things you can do to help protect yourself is to register yourself for our Self-Service Password Reset (SSPR) service.  This will enable you to change your password yourself using your mobile phone to receive a confirmation token.

You can register for SSPR at https://sspr.monash.edu/

No comments:

Post a Comment