Cyber security alert: bogus Griffith library emails

There has recently been a spate of fake library system notices sent to Griffith University staff and students which attempt to steal your username and password and potentially other personal information.

While there are a few variations of the email, most have the Subject: ‘Library Notifications’ and have a falsified From: address of ‘’.

The body of the email contains a claim that your library account access will expire soon due to ‘security precautions established to protect the University Libraries System’. It will tell you that you need to ‘renew your library account on a regular basis’ and to click on the given link.

Clicking on the link takes you to a malicious website, crafted to look exactly like Griffith’s Single Sign-On (SSO) Login page. This site is able to steal any username and passwords entered.

If you believe that you may have entered your login details on the fake login page, please change your Griffith password immediately.

Here are some tips on spotting bogus emails:

  • Does the address of the sender seem real?  Quite often phishing emails have a real looking name but the email address itself is a free email service rather than a Griffith address.
  • Is the email full of errors? While we all make the occasional spelling and grammatical errors, bogus emails tend to have a lot of errors in only a few sentences.
  • Does the email demand you click on a link and login to something immediately, otherwise you’ll lose access? They’re deliberately worded to make you curious or worried so you click on the link without thinking twice.
  • Is the email from a completely unexpected source? If you’ve not entered a lottery or competition, you cannot have won.

Please forward any suspicious emails to the Information Security team.

3 practical ways to keep your valuables safe

Photo of laptop on desk

It’s that time of year again – masses of assignments, exam prep and Netflix procrastination.

Now, our campus libraries provide popular and diverse study areas for you to do your thang. Whether you’re looking for a silent, quiet or social space – we’ve got you covered.

But before you bunker down we’d like to remind you to take a sensible approach to your personal belongings.

In your study daze, don’t forget to keep your valuables safe. Here are some handy pointers:

1. Never leave your valuable items unattended
If you need to take a break or grab some study snacks, get a friend to watch your valuables. Or if you are Nigel No-friends for the day – bring your gear with you. Think of how devastated you’ll be if a thief swipes your laptop and mobile phone. No more Netflix (and chill).

2. Never lend anyone your ID card
Your ID card gives you access to some pretty cool stuff. You can borrow books from the library, print and copy on campus, and get access to buildings and computer labs. But it can go pear-shaped pretty quickly if you let others use your card. If they don’t return the book or laptop, that fine is on you.

3. Ensure your personal computer is secure
Is your whole student-life on your computer? Take steps to ensure you are safe online; we don’t want you losing all that work! Protect your passwords, backup your work and install an antivirus program.

If you see any suspicious persons or activity in your area, call security:

  • Nathan & Mt Gravatt: 3735 7777
  • South Bank: 3735 6226
  • Logan: 3382 1717
  • Gold Coast: 5552 7777

For more information, visit the security web page.

Protect your digital life on your mobile device


When you lend your mobile device, did you know you’re also sharing your internet account, email and Facebook?

And do really want to give your study buddy access to your Facebook account? They’ll just post cringe-worthy selfies from your camera roll or startling revelations about your embarrassing celebrity crush (which is obvs completely false).

Or even worse. They could use up all your internet data to watch cats being funny on YouTube. Which is fine, but only if you got to see the furry feline shenanigans as well.

How does this happen? Well, you’re connected to the Griffith Wi-Fi on your mobile device, right? You’ll notice that once you’ve signed in, you are never asked to sign in again. It’s just so convenient to have it connect automatically when you’re on campus.

But it also means that when you share your mobile phone, tablet or laptop with your classmate, all their internet use will be billed and logged against you!

And don’t forget, you’re probably logged into all your social media and email accounts as well.

Which means they can not only post to your Facebook (as you), but also to Snapchat, Instagram and Twitter. And just for kicks, they could swipe right for all of Tinder.

Now, your friends and classmates are probably too responsible to be irresponsible with your digital life. They would never prank post on your social media, use all your internet data, or mess with your email.

But if they do. Just remember, we told you so.

For advice on how to stay safe online, visit the Griffith University IT Security web page.

5 of the worst computer viruses ever

Have you ever had a computer virus? They aren’t very nice.

They can break your computer, delete your files or steal your personal information. And you can inadvertently infect your friends and family with the virus (well, not them directly, their computer).

Michael Aranda takes us through the 5 of the worst computer viruses ever in a YouTube video by SciShow. Remember the Melissa Virus? What about the not-so-lovely I love You Virus? They both make the cut.

Watch the video to see how quickly they spread, how many people they affected and the amount of damage they did.

How can you avoid getting a virus? Michael recommends that you:

  • Install an antivirus program
  • Don’t click on suspicious links or emails from Nigerian princes
  • Keep your computer operating system and programs updated with the latest security patches

Installing an antivirus program doesn’t have to cost a fortune. Actually, it doesn’t have to cost you anything at all. All Griffith students can access Symantec Endpoint Protection on their device for FREE.

Symantec Endpoint Protection is a leading antivirus and security solution for desktop devices. It is designed to ‘protect against advanced threats with powerful, layered protection backed by industry-leading security intelligence’. See the Symantec website for system requirements.

You can access Symantec Endpoint Protection via the Software Download Service (SDS) on your Griffith University Google Drive account. Head to the Software Services website for handy instructions on accessing home use software.

Stop your iPhone from being hacked


Download the latest security patch released by Apple! On Thursday, Apple released an urgent update to its operating system due to a malware attack.

Apple issued a global update to their iOS software after a sophisticated piece of malware was found to be able to compromise any iPhone in the world.

The malware gives attackers the ability to steal information from your phone, intercept calls and SMS, view emails, contacts and other applications.After confirming the vulnerability, Apple developed a patch that is deployed with its latest iOS update (9.3.5)

After confirming the vulnerability, Apple developed a patch that is deployed with its latest iOS update (9.3.5), and are advising people to download this fix immediately.

For instructions on how to update your iOS device, please refer to the Apple website.

These are the 25 worst passwords of 2015

Is your password on the naughty list?

Is your password on the naughty list?

We have all experienced the frustration of having to update our password for one of our gazillion computer accounts; email, Netflix, ASOS, Spotify, Instagram, PayPal, iTunes…

Then there are the passwords for uni. The security-conscious folk at Griffith Uni make us change our passwords regularly so we can keep our account safe from hackers. And we totally appreciate it! Who wants hackers reading the dodgy essay on Margaret Thatcher you wrote in first-year that is saved on Google Drive?

But let’s be honest, it’s hard having to think of a password you haven’t used in the last 12 months. So inevitably, you may choose a password that is too simple, weak or just plain obvious (c’mon, have you ever used griffith for a uni password?).

So SplashData made a naughty list; the 25 worst passwords for 2015. The list is based on more than 2 million passwords that leaked online last year.

Check out the naughty list and see if any of your passwords are hacker-friendly. Here are a few offenders:

  1. 123456
  2. password
  3. qwerty
  4. login
  5. princess

Read the full article in this month’s issue of PC World, which is available to Griffith students and staff via the EBSCO database:

How safe is your password? For tips on keeping your password secure, go to Griffith University’s Secure passwords page.

How to protect your Google Apps account

Suspect suspicious activity? Contact Information Services on x55555

Suspect suspicious activity? Contact Information Services on x55555

Research data, personal information and sensitive documents are often the target of hackers who use this information for identity theft, financial fraud or a stepping stone to access other systems.  That’s why you need to take steps to protect your Google Apps account.

Griffith University staff and students are provided with a Google Apps account to communicate and collaborate. It is important to remain vigilant and be aware of any suspicious activity that may be occurring in this account.


How can I maintain the Security and Privacy of my Google Apps account?

You can review the security and privacy settings of your Google Apps account via the security hub called My Account.  You are able to:

  • Check what devices are accessing your account
  • Control which apps and sites are connected to your account
  • Complete the security checkup and privacy checkup

Review recent activity in your account by selecting ‘Details’ in the bottom right-hand corner of your mailbox.  This information helps you determine the access type, location of and date and time of account activity

Review apps connected to your account to see what third party sites and applications are accessing your information.


When should I check my Security and Privacy settings?

Check the My Account page if you suspect any suspicious activity on your account.  Suspicious activity may include:

  • Emails in your sent folder that you didn’t send
  • IP addresses in the last account activity from a country that you haven’t visited
  • Notification emails advising of a new sign-in on a device that you don’t recognise
  • Colleagues advising they are receiving strange emails from you

Complete the privacy and security checkup a few times a year to make sure the access you have granted to third party apps is still needed.


What should I do if I suspect suspicious activity?

Please contact the Information Services help desk by calling ext 55555 or emailing  INS can review the information and advise if your account has been compromised and if any further steps need to be taken.