Gone phishing

We all have a part to play in protecting ACU from cyber threats. Phishing is a serious threat to ACU’s organisational information and to your personal information. It can lead to data breaches, identity theft, ransomware, and other malicious consequences.

Phishing attacks are becoming more sophisticated and harder to detect every day.

What happened?

ACU IT recently ran a phishing email simulation for all staff to assess our existing awareness and behaviour, and to see where to focus our future efforts and education. This exercise wasn’t intended to catch people or single anyone out.

The result of this simulation was that more than 500 people clicked on the link and, of these, more than 300 people provided their ACU login credentials (username and password) into a fake login page. In a real phishing situation, this represents 300 opportunities for an attacker to gain access to ACU systems.

Reassuringly, more than 400 people correctly assessed and reported the phishing email using the “report message” button in Outlook. Reporting a suspected phishing email represents an opportunity for ACU to catch attacks early and protect others against them.

What is ACU doing about phishing?

IT is working to prevent any malicious emails getting to you, but we need your help to find any that make it through the cracks.

Currently, any emails that Microsoft identifies as potential phishing are moved to a Junk folder in Outlook, where you can view and decide what to do with them.

ACU has now taken the first step to make our environment even more secure from phishing by tightening some controls. Tightening these controls may mean some genuine emails are flagged by the system as junk and they’ll also end up in your junk folder – these are called false positives.

So, what do I need to do?

Keep an eye on your junk folder and make sure to report any false positives by categorising them as “not junk”. You can do this by simply right clicking on any genuine email and marking it as “not junk”.

Remember, if you’re not sure, don’t click on any links in an email and never click on links that ask you to log in and take you to a login screen. If you receive a suspicious email, report it through Outlook.

You’ll also soon receive some quick and easy Microsoft training from Microsoft’s training system notification@attacksimulationtraining.com. Please take a moment to complete this and do your part in helping to spot phishing emails and keep everyone safe.

Where can I get help?

You can contact Service Central for further information and assistance:

• search the knowledge base for more information (24/7)
• start a live chat (weekdays 9am-5pm)
• call Service Central (07) 3623 7272 or ext.7272 internally (weekdays 9am-5pm).

See more information about phishing

Why is ACU doing this?

Cyber security is not only about protecting the university’s data from unauthorised access, but also about safeguarding your own personal and financial information from cyber threats.

We are making several improvements to ACU’s cyber security stance throughout the year, and we need your help.

Thanks for your contribution to keeping ACU secure.