How safe is your digital life?


Computer security is in your hands – part two

Don’t be the catch of the day

Scam emails that try to trick you into providing personal information to scammers or clicking on dodgy links are known as “phishing” emails because they offer you an incentive (the “bait”) that disguises their true intentions. The hope is that the incentive will be exciting, compelling or threatening enough for you to want to find out more, even if you have slight concerns about the email’s validity (or, in some cases, legality).

Sometimes the incentive is monetary gain (a random lottery win or a distant relative leaving lots of money in a bank account that only you can access), sometimes the incentive is to avoid loss (a fake invoice for a credit card or PayPal transaction you didn’t make, loss of an email account if you don’t take action) and sometimes the incentive is curiosity, which seems to be the most recent trend. A recent example of the last type pretended to be a “secure Google Document” which required you to enter your email address and password to access it. Others pretend that Griffith will delete your email account if you do not reply to the email with your username and password.

Some phishing emails are very targeted and try very hard to look like emails from a bank, eBay, PayPal or Griffith University. These attempt to trick you into revealing sensitive personal information (commonly date of birth, bank details, usernames, email addresses and passwords) by asking you to reply with an email containing the information, or to click on a dodgy link and fill out a form on a webpage. In some cases the dodgy webpages look just like a proper corporate webpage, containing all the right logos and graphics.

It is NOT Griffith University’s practice to ever ask for your password, so a request for it is a giveaway that the email is bogus.

“Nobody would want my account anyway – there’s nothing worth stealing.”

Unfortunately, we hear this quite often, and it simply is not true. Hackers and scammers are no longer simply looking for access to servers. They make a lot of money by buying and selling the login accounts and personal information of individuals.

With your account, scammers can access all the information the University knows about you through the Griffith University Portal. They can use this to steal your identity. If you have access to other people’s details, financial records, student records or HRM records, they can use this information to steal those identities too. Scammers also commonly use any email account that they steal to send out more scam emails – as it’s coming from a real account, their emails look more legitimate to their next potential victims.

Using your username and password, scammers could access your email and collect details on your work colleagues, look at meetings you attend or invites to social work events. They can stalk your personal life and that of anyone you communicate with.

Here are a few other warning signs to identify phishing emails:
1. If the email contains an offer that is too good to be true, it probably is!
2. Scam emails tend to contain poor English and be poorly formatted.
3. If the email seems to come from your bank, eBay, PayPal etc., but you’ve not registered your Griffith email address with them, then the email is a scam.
4. Scam emails rarely address you by your proper name. Commonly, any scam emails sent using an automated tool will call you by the first part of your email address (e.g. “Dear J.Doe”).
5. If you are in any doubt about the validity of an email stating it is from Griffith, you can forward it to security@griffith.edu.au and we’ll look it over. If you’re unsure whether an email really is from your bank, the post office etc., then give them a call to verify its validity.