ANU continues to be a target of opportunity for phishing attacks. Over the past week we have had many members of our community targeted by cyber threat actors seeking to compromise our people and systems.
We need all ANU community members to be extra vigilant.
Attackers are attempting to socially engineer ANU personnel into divulging username and passwords. A common phishing approach is sending victims an email claiming to be a file (say an invoice) that needs to be viewed and actioned. Invoice themed phishing emails are common as we approach the end of the financial year.
A recent example of a phishing email directed at us is illustrated below:
When a victim clicks on the button or link to view the document, they will be shown a log screen, and asked to log in with their ANU credentials. If a victim has provided their email and password here, they have been compromised.
Ways to detect and avoid the phish?
- Be vigilant and engage your healthy sceptical Cyber Sense
- Examine all links and file downloads carefully before clicking on them
- Hover your mouse over the link and check that it matched where the claimed file is – there is often a mismatch between where the file claims to coming from (Office 365) and where the link points you to (box.com, dropbox.com, mega.nz etc.)
- If prompted for your username and password after clicking on a link/attachment – check the login screen very closely.
- Check the web address - verify it is coming from a trusted anu.edu.au or microsoftonline.com address
- If an email is unexpected or unusual, especially from a colleague, check with them via phone if the email is legitimate.
- Several phishing attacks have been identified and contained through users checking and reporting on suspicious activity.
What to do if I clicked and gave my details?
If you have received an email like this and entered your username/email and password when prompted:
- Change your password IMMEDIATELY at https://identity.anu.edu.au – on another device from the one you clicked on the link.
- Report via email to email@example.com – include details of how you were compromise and indicate that you have changed your password.
- Await further instructions.
If you receive an email you suspect is phishing, please do the following:
- Do not click on any links, buttons or images within the suspect email;
- Do not reply to the suspect email;
- Forward the suspect email to firstname.lastname@example.org;
- Report the email to email@example.com; and
- Delete the email from your inbox.
Support and more information
The Cyber Sense website has links to a training module on how to identify phishing more generally.
Further phishing information can be found at: https://services.anu.edu.au/information‐technology/it‐security/phishing
With your cyber sense and resilience, we can contain and clean‐up phishing attacks promptly and continue our community’s ability to live safely online.
If you have any questions related to phishing please visit the Service Now Knowledge Base, the Cyber Sense website or email firstname.lastname@example.org.