Community Manager

 

What is Phishing?

 

Phishing comes in many forms, but it is primarily a type of online identity theft.

 

It’s a way of fraudulently obtaining personal information by sending fake emails that look like they come from a trusted source. Typically, phishing emails ask you to click on a link to verify or update your contact details or to provide credit card information. The link takes you to a forged web page where information you submit (such as your password) can be captured and potentially used for malicious purposes.

 

How emails can be dangerous

 

Throughout RMIT there have been examples of phishing emails that look like Australia Post parcel notifications, as well as hoax Google and Dropbox file sharing notifications. They attempt to trick you into disclosing your email, phone number and other information relating to your RMIT identity.

 

Attackers use phishing emails as a way to:

 

  1. Deliver file attachments that can infect your computer with malware.
  2. Entice you to click on links that take you to websites that will infect your computer with malware just by visiting them.
  3. Trick you into handing over your user credentials so that they can gain access to your network or other sites.

 


Attackers also research their targets online and via social media to find information that will make their emails sound more authentic - so it’s important not to overshare information via these channels.

Phishing attacks can be very professional and often target senior managers and their assistants within an organisation due to the level of access they have. In these instances, adhering to procedure is the best form of defence. If you receive an email asking you to bypass the usual protocols, be suspicious.

 

What to do if you have clicked on the link in the email?

 

Most phishing emails attempt to obtain your credentials, such as usernames and passwords.

 

 - If you have not clicked on the link and have not entered any details, you are safe. It is recommended that you report the phishing email.

 

 - If you have clicked on the link and entered your details, here are some of the things you can do

 

 

More tips on IT Security can be found at http://rmit.edu.au/itsecurity

 

 

 

 

Comments
Member
So I think ITS has recently run a phishing simulation, but I don't think it was very well-executed. For starters, it was addressed to the RMIT staff email that is firstname.lastname@rmit.edu.au, but then it didn't address me by my name or make mention of RMIT or use any RMIT branding. I hope you didn't pay phishme.com a lot for this. Can I still get those Grand Final tickets?