When Macquarie University staff member Andrew received an email from someone who appeared to be a colleague at the University, he did not think much of it.

“I clicked on the link in the email, which asked me to update my account details,” he says. “Before I knew it, hackers had my OneID password and other details.”

“Phishing is not only dangerous to organisations but also to individuals,” says Jeremy Koster, Information Security Manager at Macquarie University’s IT Department.

Phishing, in which a malicious communication attempts to obtain personal or sensitive information, is one of the most common cyber-attacks. Emails are often poorly worded, ask for a username and password, and provide a link that does not lead to an official website address like mq.edu.au.

“When criminals get access to valid usernames and passwords they may obtain access to confidential University information or even damage University systems,” says Jeremy.

He recommends taking the following steps when receiving a suspicious email:

• Immediately forward the email to help@mq.edu.au
• Do not click on any links or attachments
• Do not provide your OneID login details. Never share your password.
• If you have provided your login details, reset your password at the staff password portal and let the IT Service Desk know.

For more information, see the Information Security and Acceptable Use of IT Resources policies.

Stay tuned for more cyber security tips during 2017.