Flinders University continues to be targeted by sophisticated phishing emails that invite staff to surrender their FAN or other sensitive information for sinister purposes.
These emails often use official logos (including the Flinders logo) or emulate legitimate emails in order to appear genuine.
They typically offer rewards or prey on fear or curiosity to entice staff to take action.
Phishing isn’t just a Flinders or university problem.
According to a 2016 survey from Wombat Security, worldwide phishing attacks are increasing.
The survey also found that:
- 85% of organisations report being a victim of phishing
- 90% of security breaches in organisations start with a phishing attack
- 19% of staff are more likely to click on an email if it contains a first name
- 30% of phishing emails are actually opened by victims
Given that Flinders University receives an average of 170,000 external emails daily, it is not surprising that staff may at times find it difficult to identify phishing emails that are aimed at compromising the security of their computers.
Fortunately there are a number of things that staff can do to protect themselves from phishing emails or limit their impact.
Information and Digital Services (IDS) recommends that staff undertake the following security measures:
- check the sender of every email to confirm legitimacy
- check the links in every email by hovering over them to display their location
- look for poor spelling and grammar
- check to see if the email is unsolicited and/or promises a reward or threatens actions
- check with ITS Security Services if you aren’t sure about an email’s source by emailing email@example.com
- report any phishing or spam emails immediately to ITS Security Services via the ‘junk e-mail reporting add-in’ for Outlook
The junk e-mail reporting add-in notifies IDS and ensures that the Flinders email system can block future attempts.
The add-in has been applied to all Windows computers for staff and is also available via Outlook Web Access (including Apple Mac users).
Staff can find out more information about how to report phishing emails using the add-in on the IDS Security website.