Charles Sturt University

Information Security

The goal of information security is to protect the confidentiality, integrity and availability of Charles Sturt University's information assets and to ensure the protection of an individual's personal information.

Everyone at CSU has a role to play in protecting University information.

Service Owner

Enterprise Architect, Security

Phishing

Phishing is the act of attempting to acquire information (e.g. usernames, passwords and credit card details) by sending an email which appears to be from a legitimate business, organisation or individual.

Falling victim to phishing emails can cause problems for you and the University. For example, compromised email accounts can be used to keep distributing unsolicited emails.

Phishing emails can:

  • direct you to click a link, go to a website and enter your details. Websites often look the same as legitimate ones and have been set up to capture your CSU username and password.
  • contain links that trigger the download of malicious software such as spyware to your computer. Spyware collects and sends your passwords and other personal details without you knowing.
  • include attachments with viruses or other malicious files designed to capture and send your information, or allow scammers to access your computer when you are on the Internet.

CSU has introduced Time of Click protection for staff. Time of Click scans staff emails received from external senders for links that look suspicious. The links in the email are replaced with a link to our antispam server so that when you hover over them they appear as https://antispam.csu.edu.au.

By directing links through our antispam server, the reputation of the URL is assessed. When you click on a link that is identified as suspicious you are redirected to a warning and advised to proceed with caution. You should review the link to make sure it is a legitimate URL before going any further. Known scam or malicious sites are blocked so that you are not able to access them at all.
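
The rewrite-then-check flow described above, as an added example (not CSU's or the vendor's code). The `/click` path, the `u` and `s` parameters, the signing key and the reputation feed are assumptions made for illustration; only the gateway hostname comes from this page.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qs, quote, urlsplit

GATEWAY = "https://antispam.csu.edu.au"  # host named on this page
CLICK_PATH = "/click"                    # assumed path, not the product's real format
KEY = b"constructed-demo-key"            # assumed signing key held by the gateway
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def _sign(url: str) -> str:
    return hmac.new(KEY, url.encode(), hashlib.sha256).hexdigest()

def rewrite_links(body: str) -> str:
    """At delivery: replace every http(s) link with a signed gateway link."""
    def wrap(m: re.Match) -> str:
        url = m.group(0)
        return f"{GATEWAY}{CLICK_PATH}?u={quote(url, safe='')}&s={_sign(url)}"
    return URL_RE.sub(wrap, body)

def resolve_click(gateway_url: str, reputation: dict) -> tuple:
    """At click time: return (action, target); action is allow, warn, block or reject."""
    qs = parse_qs(urlsplit(gateway_url).query)
    target = qs.get("u", [""])[0]
    sig = qs.get("s", [""])[0]
    # Refuse unsigned or altered links so the gateway cannot be used as an open redirector.
    if not target or not hmac.compare_digest(sig.encode(), _sign(target).encode()):
        return ("reject", None)
    host = (urlsplit(target).hostname or "").lower()
    verdict = reputation.get(host, "clean")
    action = {"malicious": "block", "suspicious": "warn"}.get(verdict, "allow")
    # Blocked sites are never handed back to the browser.
    return (action, None if action == "block" else target)

# Constructed reputation feed and message. The verdict is read when the link is
# clicked, so a site flagged after the email was delivered is still caught.
REPUTATION = {"login-csu.example": "malicious", "new-site.example": "suspicious"}
MAIL = "Reset at http://login-csu.example/reset?id=7 or read https://new-site.example/a"

if __name__ == "__main__":
    for link in URL_RE.findall(rewrite_links(MAIL)):
        print(resolve_click(link, REPUTATION))
```
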

Access

All staff must be aware of the risks associated with malicious or fraudulent emails.

See examples of real phishing emails

Phishing emails can come in many forms and variants. They use official looking logos, images, letterheads and language to trick you into believing it's real.

You should always be wary of any emails which ask for personal information. This includes prompting you to log in to an account (CSU, personal email, online banking, eBay, PayPal, etc).

Legitimate businesses and organisations will never send unsolicited requests for information. If you suspect an email, contact the sender via alternate means such as telephone.

Help protect yourself:

  • Do not respond to requests to provide information by return email or enter your account information on a website
  • Use security software including antivirus, antispyware and a firewall. Ensure your antivirus and antispyware software is up to date
  • Keep your computer's operating system up to date by ensuring automatic updates are on
  • If you want to access an internet account website use a bookmarked link or type the address in yourself
  • Do not click on any links in a phishing email and do not open any files attached to phishing emails
  • Delete phishing emails
  • Never call a telephone number that you see in an unsolicited email. Use the yellow pages to locate the required telephone number
  • NEVER reply to a spam email (even to unsubscribe)
  • Always look for "https://" and a padlock on web sites that ask for personal information

Cost

CSU information security protection mechanisms are funded by the University and provided at no extra cost to staff.

Support

If you have further questions or need technical help after checking the Online Resources, contact the IT Service Desk.

Spam

Spam emails are a cheap way to advertise products or services. They are sent to many recipients (aka bulk email) and are an international problem.

Phishing emails are often called spam but they have different intentions. They are not trying to sell a product or service, though they may pretend they are to trick you.

The Australian Communications and Media Authority (ACMA) enforces the Spam Act 2003, which prohibits the sending of ‘unsolicited commercial electronic messages’ (known as spam) with an 'Australian link'. A message has an Australian link if it originates or was commissioned in Australia, or originates overseas but was sent to an address accessed in Australia.

The Spam Act covers email, mobile phone text messages (SMS), multimedia messaging (MMS), instant messaging (IM), and other electronic messages of a commercial nature.

Access

The best defence against spam is to take proactive steps to reduce it in your primary accounts.

You should:

  • limit possible exposure by creating an email account which you only use to sign up to mailing lists, blogs, newsletters etc. If one of the organisations sells its list, this account gets spammed instead of your primary account(s) e.g. work and home.
  • keep your virus protection up to date to prevent virus and malware infections, and run regular scans
  • check privacy policies before submitting your email address to a website (check if they provide your email address to other companies)
  • when signing up to an organisation's mailing list, be aware of pre-checked boxes that give permission for partners to send updates
  • delete spam or unsolicited email messages
  • do not reply to spam under any circumstances. By replying to spam you confirm your email address exists which means it will keep being sent until the sender is blacklisted
  • don't click unsubscribe links in unsolicited emails. This is another attempt to confirm your email address exists
  • use the CSU Spam Filtering System to block and approve senders. Make sure you review blocked messages on a regular basis to ensure no legitimate emails have been blocked.

Be careful when downloading adware, freeware and shareware. These sites often ask for an email address before providing access to the download. You should also only get software from large and trusted sites. Always scan a file before opening in case it is infected with a virus.

Cost

CSU information security protection mechanisms are funded by the University and provided at no extra cost to staff.

Support

If you have further questions or need technical help after checking the Online Resources, contact the IT Service Desk.

Viruses and Malware

Phishing and spam emails can contain viruses designed to disrupt the normal computer function.

Malware is any software intentionally designed to cause damage to a computer, server or computer network.

A computer virus is a form of malware that attaches itself to a host (e.g. program files, data files, or files in your computer's operating system). From there, it replicates itself, spreading the infection to other files. Viruses can also be transmitted via:

  • downloads from the internet
  • network connections
  • portable media e.g. CDs, USB drives

SOPHOS Web Control, a monitoring and logging tool which blocks and logs dangerous or inappropriate websites, is also enabled on CSU devices across University and external networks.

If you try to access dangerous or inappropriate websites (see categories below), you will either receive a warning about proceeding or be blocked from accessing the site. Some inappropriate or dangerous (e.g. phishing or infected with viruses) websites are blocked outright.

  • Adult/Sexually Explicit (Warned)
  • Alcohol and Tobacco (Warned)
  • Anonymizer Proxies (tools to block internet activity) (Blocked)
  • Criminal Activity (Blocked)
  • Gambling (Warned)
  • Hacking (Blocked)
  • Illegal Drugs (Warned)
  • Intolerance and Hate (Warned)
  • Phishing and Fraud (Blocked)
  • Spam URLs (Blocked)
  • Spyware (Blocked)
  • Tasteless and Offensive (Warned)
  • Violence (Warned)
  • Weapons (Warned)

If you think a website is miscategorised, please log a request with the IT Service Desk containing:

  • the full website address
  • a brief summary of the website content
  • depending on the nature of the website, the reason why you were trying to access it

Access

The best way to minimise your chances of getting a virus infection is to be proactive and follow some basic steps:

  • install anti-virus software
  • make sure the anti-virus software you select is compatible with your computer's operating system and offers an update service
  • regularly update your anti-virus software definitions. New viruses come out every day, so it's important to update your virus definitions
  • regularly scan your computer for viruses using your anti-virus software
  • if your software allows, use its automatic protection features. These check for viruses whenever you turn on your computer
  • run a virus scan on any new programs or other files that may contain executable files before you run or open them
  • don't open emails or email attachments sent by a person or organisation you don't know

Cost

CSU information security protection mechanisms are funded by the University and provided at no extra cost to staff.

Support

If you have further questions or need technical help after checking the Online Resources, contact the IT Service Desk.

CSU maintains up to date anti-virus definitions and performs regular scanning of email servers and internet traffic to minimise the University's exposure to viruses.

Even with these precautions, you are encouraged to use an anti-virus program on your personal devices.

Service Support Articles

You can sign up for email alerts from Stay Smart Online to keep up to date about a variety of topics including phishing, scams, fraud, hoaxes, identity theft, privacy and social media (Facebook, Google and Twitter).

Report phishing emails to:

  • Google
  • Sophos - you can forward the email (or URL of a phishing website) to is-spam@labs.sophos.com.
  • The ‘Report As Spam’ button also forwards a copy of the email to IT Security for logging and analysis.

Microsoft Edge provides a SmartScreen Filter to help protect you from phishing websites. You can also use it to report a phishing website: