Phishing
View
Learn to recognise phishing emails and then report them.
Phishing emails used to be easy to spot, you had to look out for spelling errors, pixelated logos, and fake email addresses. With scammers becoming more professional, phishing emails can be harder to identify.
Always ask yourself, am I expecting to receive this email? Most phishing emails are unsolicited. If you aren’t expecting it, be particularly careful.
Verify the information in the email. Go directly to the person, bank, business or department and check with them. Don’t use contact information provided in the email itself, use an email address or phone number provided on their official website.
You can also check by using Monash’s ‘report phishing’ button in Gmail, which will evaluate the email as safe, spam or malicious. See the report phishing emails section below for instructions on how to do this.
Scammers use email or text messages to try to steal your passwords, account numbers, or date of birth. If they get this information, they are a step closer to getting access to your email, bank, or other accounts.
Once they have access they could steal your money or data, install malware on your devices, or sell your information to other scammers.
Always report a suspected phishing email, even if you’re not sure.
The quickest and easiest way to report a phishing email is to use Monash’s ‘report phishing’ button in Gmail. Currently this is only available on your desktop, not in the mobile app.
To report, follow these steps:
You’ll receive a response from the Phishing Analysis Service (no-reply@e105.e.monash.edu) and the email will be evaluated as safe, spam or malicious. No further action is required.
Recognising a phishing email protects you, reporting a phishing email protects everyone. A couple of button clicks is all it takes.
If you spot a phishing email in your inbox, reporting it will also remove it from other people’s Monash inboxes.
Cyber Hygiene
View
If you can’t use your own data, connect to a secure Wi-Fi – Monash University’s is best.
When you’re on campus, connect to the Monash wireless network, eduroam.
If you’re connecting remotely then be cautious of which Wi-Fi network you use. If you’re in a public place then avoid using any free Wi-Fi as this is not secured. Even if it requires you to use a password, it may not be a legitimate connection.
Using public or unsecured Wi-Fi is risky because the connection is not encrypted. This means anything you do could be monitored by a third party. Any information you enter, including passwords or payment details, could be easily viewed and stolen.
Public Wi-Fi is a bit like a digital highway that anyone can travel on, versus a private road just for you. It’s ok to use when you’re browsing but don’t use it to enter passwords or to share sensitive information.
Use Monash’s VPN when you use your computer to access Monash systems.
This is especially important:
Monash University Malaysia VPN, GlobalProtect is offered to Monash staff to access on-premises resources securely.
Refer GlobalProtect VPN Access guide
Monash's VPN is a virtual private network that establishes a secure connection between you and the internet. It’s more secure against external attacks and is required to access some Monash systems when you’re off-site.
Using a VPN means all your data traffic is routed through an encrypted virtual tunnel. This disguises your IP address when you use the internet, making its location invisible to everyone. A VPN connection is more secure against external attacks.
Data Safety
View
Always check the settings when you share a file. Always choose the most ‘restricted’ and least privileged option available for files that contain confidential and sensitive information.
If you send a file as an email attachment, double check that you’re sending it to the correct recipients.
When using Google Drive you can choose from the following sharing settings:
These permissions can be altered at any time in the life of the document.
To make sure you're giving the correct people permissions to access files and correspondence, always:
Accidentally sending a message or file to someone could be embarrassing but it could become a big problem if that document includes confidential information. It could lead to a violation of someone’s privacy or even to a data breach.
Be aware that cyber criminals will try to steal data from Monash systems and devices.
Data exfiltration happens in two ways, through outsider attacks and insider threats.
An outsider attack occurs when an individual infiltrates a network to steal corporate data and potentially user credentials. This typically is a result of a cyber criminal injecting malware onto a device, such as a computer or smartphone, that is connected to the Monash University network.
Insider threats can be malicious, for example a staff member stealing their own organisation’s data and sending documents to their personal email address or cloud storage services – potentially to sell to cyber criminals.
Insider threats can also be caused unintentionally by careless behaviour that sees corporate data fall into the hands of bad actors.
Failing to control information security can lead to data loss that could cause reputational and financial damage to Monash.
