
Phishing - how do you protect yourself?

Aug 6, 2020 3:59:07 PM

According to OAIC statistics, phishing attacks have increased considerably in the past three months due to the COVID-19 pandemic. Three in five data breaches have been caused by malicious or criminal attacks, with data breaches resulting from phishing continuing to be the leading source of malicious attacks.

Twitter was the vehicle of choice for hackers last month when the accounts of Bill Gates and Joe Biden, among others, were accessed with so-called tweets asking their followers to pay $1,000 within 30 minutes, and they would send back $2,000! The old adage of 'if it sounds too good to be true, it probably is' comes to mind.

Education and awareness are key, so we’d like to offer some advice on what to look for in suspicious emails, and more importantly, what to do:

  • Unsolicited messages - Never respond to unsolicited messages and calls that ask for personal or financial details, even if they claim to be from a reputable organisation or government authority.
  • User name & password disclosure - To trick you into disclosing your user name and password, fraudsters may include the name of a legitimate company within the structure of the email and/or web addresses. For example: https://www.google.com is a fake address that doesn't go to a real Google web site. A real Google web address has a forward slash ("/") after "google.com" — for example, "https://www.google.com/" or "https://login.google.com/".
  • Email looks legitimate as from a 'work colleague', but the request seems odd - For example, the scammers search LinkedIn for an HR/Payroll Clerk, send an email posing as a colleague to alter their payroll account details to a new account, and instantly it is payday for the scammers. If the request is at odds with normal company processes or is asking to change bank account details, simply call the colleague directly to confirm that they did in fact request a change.
  • Sent to a website with pop-ups - Be careful if you're sent to a website that immediately displays a pop-up window asking you to enter your username and password. Phishing scams may direct you to a legitimate website and then use a pop-up to gain your account information.
  • An unexpected email from a company - If you have received an unexpected email from a company, and it is riddled with mistakes, this can be a strong indicator it is actually a phish. Look for spelling errors, poor grammar, or inferior graphics.
  • Hyperlinks in an email - Check a link first by hovering your mouse over any link in an email - the hyperlink may be labelled as https://www.google.com.au, for example, but the tooltip that pops up contains the actual destination URL, and it may be something different like https://dodgybros.com.au/we.got.you or https://1263.3.97.2/scam (not real examples, but the point being you are not being directed to www.google.com.au).
  • Email containing an attachment - Be wary if you receive an email from a company out of the blue that contains an attachment, especially if it relates to something unexpected. The attachment could contain a malicious URL or trojan, leading to the installation of a virus or other type of malware on your PC or network.
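The web-address and hyperlink checks above can also be run automatically by an IT team over a reported email's HTML body. The following is an added example, not part of the original article: the allow-list `TRUSTED`, the function names and the sample links are assumptions made for illustration.

```python
import contextlib
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the organisation treats as genuine for this brand.
TRUSTED = {"google.com", "google.com.au"}

def host_of(url):  # hostname of a URL or of a bare "www.x.y" label
    return (urlsplit(url if "://" in url else "//" + url).hostname or "").lower().rstrip(".")

def check_link(href, text):
    reasons, host = [], host_of(href)
    trusted = any(host == d or host.endswith("." + d) for d in TRUSTED)
    with contextlib.suppress(ValueError):  # raised unless host is an IP literal
        ipaddress.ip_address(host)
        reasons.append("ip-literal-host")
    # Brand name used as a sub-domain label of somebody else's domain.
    if not trusted and any(f".{d}." in f".{host}." for d in TRUSTED):
        reasons.append("brand-in-subdomain")
    # Visible label is itself a URL but names a different host than the href.
    shown = host_of(text) if " " not in text else ""
    if "." in shown and shown != host:
        reasons.append("text-href-mismatch")
    return reasons

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    return [(href, check_link(href, text)) for href, text in parser.links]
# Constructed sample body; example.net and 192.0.2.10 are reserved for documentation.
SAMPLE = ('<a href="https://login.example.net/reset">https://www.google.com.au</a>'
          '<a href="https://www.google.com.account-check.example.net/">Sign in</a>'
          '<a href="http://192.0.2.10/scam">View invoice</a>')
```

Calling `audit(SAMPLE)` returns each link with the reasons it was flagged; a link whose destination host is on the allow-list and matches its label returns an empty list.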

You can find further advice on how to protect yourselves – both at work and at home - on the ACCC’s Scamwatch site.

What to do if you receive a suspicious email.

  1. Do not open, forward or reply to it - To do so may compromise your security.
  2. Do not click on links or attachments - these can be disguised malware that may infect your device or network.
  3. Take a screenshot of the email - send this screenshot to your organisation’s IT team. The IT team will need this information to start its investigations.
  4. Once the investigation is complete - respond according to advice provided by your IT or Leadership team.
  5. Delete it - once your IT or Leadership team has given you the instruction to 'delete', to prevent you from accidentally opening the message in the future.

If you have any questions or would like to discuss further, then please feel free to send me an email at mgillies@rtg.com.au.

Written by Mel Gillies

Mel Gillies is Director Consulting - Risk and Security at RTG. Mel has recently been awarded her Master of Education (Research) comparing global and local privacy regulations, contextualising this to educational data governance and how these inform the privacy and security of school data within the ‘Educational Data Economy’. A qualified Lead Auditor ISO27001: Information Security Management System, Mel works closely with organisations to assist in identifying and protecting against cyber threats, whilst strengthening incident response plans to support timely recovery to normal operations and reduce the impact from a data breach or cyber security incident.
