Secure IT
Welcome to the SecureIT webpage.
We provide information and advice on secure computing practices so that you can be safe online while at the University.
Report an IT Security Incident
Use this form to report an IT Security Incident
-
Help! I've been scammed! What do I do?
First, take a deep breath. You are only human and it could happen to anyone.
Contact
-
Contact your bank or financial institution. If any money or banking details have been exchanged, let your financial institution know immediately.
-
Let others know about your scam. Contact your friends, family members, or colleagues to warn them about the scam.
-
Contact ITDS Service Desk on +61 8 8313 3000 to report compromise of university credentials
Recover
-
If you suspect that your identity may have been stolen, you can:
-
Contact IDCARE
-
Refer to Victims of Commonwealth Identity Crime webpage for more information.
-
Change all your passwords. Consider using a password manager.
Report
-
Report scams to the Australian Competition & Consumer Commission (ACCC)
-
-
Help! I’ve been phished! What do I do?
Some phishing emails can be very sophisticated and it is easy to be tricked. If you do fall victim to this cyber crime, follow these steps:
Remove
-
Phishing emails may contain malware. If you have opened any links or even previewed the email, this malware can infect your computer and any network the computer is connected to.
-
Removing from the network could involve disconnecting from wired networks, turning off wifi or putting the device into ‘airplane’ model.
Recover
-
Change all your passwords. Consider using a password manager.
Report
-
Forward the email as an attachment to bad@mailguard.adelaide.edu.au or contact the ITDS Service Desk on +61 8 8313 3000 for assistance
-
Online cyber security training modules
Access mandatory training and additional online modules to learn more about cyber security threats.
Live courses
We offer practical workshops and informative webinars that look at ways we can protect ourselves and our university from cyber threats.
-
Cyber Hygiene Awareness Videos
Overview
The University sends out regular security awareness videos that cover various topics in cyber security including:
-
Data security
-
Data privacy
-
Information Protection
-
Office Hygiene
-
Passwords
-
DevSecOps
How it will work
On roughly a quarterly basis, staff will receive an invitation to watch a short (2-3 minute) video and answer a quiz afterwards to confirm learning. You will receive weekly reminders if you do not complete the training.
You will receive an email like this. Click on the included link (requires SSO authentication)
Enjoy the short video!
Answer a quick quiz to check your knowledge.
See the correct answer, as well as popular answers.
Finally, click on Acknowledge to complete your training
-
-
Simulated Phishing Program
Overview
Did you know that 90% of security incidents involved some kind of malicious email such as phishing? It is critical that University staff have the knowledge to distinguish between legitimate email and suspicious email, and not fall prey to clicking on malicious links, opening potentially dangerous attachments, or responding to fraudulent emails. Simulated phishing serves two useful purposes for the University: they can (a) identify people who may be more vulnerable to phishing emails and provide just-in-time training (b) provide useful statistics on the proportion of people who are vulnerable and/or report phishing
How it will work (and the chance to win a prize!)
On roughly a quarterly basis, staff will receive a “simulated” phishing email that will contain a link or an attachment. If you think you have spotted such a simulated phishing email, please report it in the same manner as real phishing emails. You will go into a draw to win one of 3 prizes each quarter!
You will receive a simulated phishing email like the one pictured above.
If you correctly identify this as suspicious, report it via the normal method. Make sure to report to be in the draw to win a prize each quarter!
If you happen to click on the link, you will presented with a just-in-time learning page. No harm done but be careful next time!
-
Simulated Phishing Debrief (Q4 2022)
Simulated phishing was sent out to all University paid staff in November of 2022. Below provides an explanation of what they looked like, and how you may have identified it as non-legitimate email.
This was a "multi-staged" simulated phishing exercise that comprised of
- An email with a link to a fake login page, asking you to reset your password
- A fake login website that is designed to harvest passwords of users. This follows a very typical pattern of real phishing emails.
The suspicious email could have been identified using the following information:
- The sender was not from your usual University of Adelaide senders with a trusted domain such as adelaide.edu.au
- When you hovered over the link, it would have revealed a non-UofA domain - therelayservice.com - something you would have never seen before
- Finally, the email was signed "IT Department, University of Adelaide", whereas legitimate email should be signed "Information Technology and Digital Services, the University of Adelaide"
How to identify suspicious emails
The fake logon page, even though it has the University of Adelaide logo, has a lot of signs of being non-legitimate
- Looking at the URL, again, this does not have the usual adelaide.edu.au domain
- The form asks you for the current password. Currently the only place where you can change your University password is from the Okta login page at https://id.adelaide.edu.au. Any other places should be treated with suspicion.
How to identify fake logon pages
Finally, if you did submit your password, a "just-in-time" learning page like below would have been displayed.
Learning page
