Universities targeted by cyber attacks and phishing

Data breaches at prominent Universities in Australia have recently featured in the news. As is the case with many organisations, Macquarie University is also under regular attack from cyber criminals. These attackers commonly attempt to obtain access to the University’s systems and information through usernames and passwords obtained by phishing emails.

Amongst other controls, MQ Information Technology (MQ IT) employs Mimecast as an anti-spam filter to stop the vast majority of malicious emails – up to 220,000 delivery attempts per day. While malicious emails are mostly blocked, unfortunately some sophisticated phishing emails still get through. The MQ IT Cyber Security team constantly monitors for new phishing attacks that target University staff, and it’s been clear that the tactics have recently changed.

Cyber criminals are now regularly using compromised email accounts from other institutions to send phishing emails to known contacts of the account owner. This makes it difficult to identify and block these emails. It also means that it’s possible to receive a phishing email from someone you know, even from within the University. Recent phishing emails have also been minimalistic and only contain a link to download a file or to receive further information. Websites that do not end in mq.edu.au or mq.okta.com should not ask for your password. And specifically, the Office365 login page should have a web address starting with: “https://login.microsoftonline.com/”.

We need your help

We need everyone’s help to be careful when clicking on links in unusual emails and to actively report phishing so that we can respond swiftly and prevent any damage.

When you receive a suspicious email:

  • Immediately forward the email to help@mq.edu.au.
  • Do not click on any links or attachments, or respond to the email.
  • Validate all requests for money transfer, vouchers or updates to bank details with an alternate and established contact method.
  • Do not provide your OneID login details. Never share your password.
  • If you have provided your login details, reset your password at the staff password portal and let the IT Service Desk know immediately on 9850 HELP (4357) or email help@mq.edu.au.

Find out more

To get a good understanding of the types of malicious emails that the University receives, visit the Phish Tank on the MQ Wiki.

Date:

Share:

Category:

Notices

Tags:

Back to homepage

Comments

Leave a Reply

Required fields are marked *

We encourage active and constructive debate through our comments section, but please remain respectful. Your first and last name will be published alongside your comment.

Comments will not be pre-moderated but any comments deemed to be offensive, obscene, intimidating, discriminatory or defamatory will be removed and further action may be taken where such conduct breaches University policy or standards. Please keep in mind that This Week is a public site and comments should not contain information that is confidential or commercial in confidence.

Got a story to share?

Visit our contribute page >>