Security alerts, spam and threats

Phishing emails are one of the most common ways hackers trick people. These messages try to get you to click a link, download a file, or share personal information.

Phishing is like casting a wide net—hackers send the same message to many people hoping someone falls for it.

Spear phishing is more targeted. The message is personalized to make it look more convincing, like aiming at one person with a spear.

Always be cautious with unexpected messages, especially if they ask you to click, download, or share something.

Hackers often “spoof” their identity in phishing or spam emails to make it appear as though the message is from a trusted source—such as a friend, colleague, or well-known company like Apple or PayPal.

They use tactics designed to trigger fear, urgency, or curiosity. Here are a few examples:

• Curiosity: An email claims there’s “unknown activity” and includes a malicious Word document. The goal is to get the user to open the file out of curiosity.
• Fear and urgency: A message threatens public humiliation unless a ransom is paid. It may include a previously leaked password to appear credible.
• Account panic: A fake PayPal alert warns of suspicious activity and urges the user to click a malicious link to “clear their name.”

When checking emails, always stop and ask:

• Do I know the sender?
• Was I expecting this email?
• Does my recent activity justify this message?

Email preview mode: Most email clients allow you to preview attachments. Don’t be fooled—previewing a file is the same as opening it. If it contains malicious code, it will still run.

Only open attachments you’re expecting and can verify the sender’s identity.

If you notice a spam or phishing email you can report these directly using the built in functions of Outlook.

Reporting Spam/Phishing in Outlook

Hackers sometimes send fake Word or Excel files that can secretly install harmful software on your device. These files are made to look normal but can be dangerous.

If you get a file ending in .docm, .xlsm, or .pptm, do not open it unless you were expecting it and know who sent it.

Always check the file type and sender before opening any attachments. If something feels off, report it.

Accessing the internet on a public wi-fi network is dangerous, as anyone else on the network can easily view the data you’re sending or receiving. The safest option is to tether to your phone’s internet, if possible.

With dozens or even hundreds of accounts across the services you use every day, it’s easy to fall into the habit of reusing the same password. While convenient, this can seriously compromise your security.

To protect yourself, use a strong passphrase that is at least 15 characters long. Combine two or three unrelated words with numbers and symbols to make a strong password.

Another smart approach is to use a password manager like LastPass, KeePass, Keeper, or DashLane. These tools automatically generate secure passwords and store them safely for any new accounts you create.

How secure is your password? Has my password been compromised?

Always remember that any data posted on the internet is on there forever.

Hackers often rely on their victims to overshare information on social networks and forums, such as their email address, place of employment/study and job position. This information can not only make you a target for hackers, but it is also leveraged by hackers to conduct spear phishing attacks.

Always be conscious of what you share on the internet and never overshare information with people that don’t need to know.

If you step away from your laptop, phone, or computer, take it with you. If that’s not possible, lock your device to prevent unauthorized access.

Some devices can be set to erase data after several failed login attempts.

When travelling, do not leave devices unattended in hotel rooms. Use the safe provided or keep them with you.

Always back up your data to an external hard drive or cloud storage service such as your LTU OneDrive account. For personal data, we suggest you use a Google Drive, iCloud, or personal OneDrive account.

Software bugs and security flaws are regularly discovered, and some can let hackers take control of your device. These issues are often fixed quickly, but it is your responsibility to keep your software updated.

Always install updates for Windows, macOS, iOS, Android, and any programs you use. Most devices let you turn on automatic updates in settings so you stay protected without needing to do anything manually.

Most of the time, a hacker wanting to infect you with a virus or ransomware will rely on you to run an executable file they send to you. These can be identified as having file extensions such as .exe or .msi.

Never run executables from sources you don’t trust. Always verify the file and where it came from.

Hackers’ attacks aren’t limited to the Internet. Infected USB storage devices are often used by hackers to spread viruses and ransomware. There are also USB devices that can steal your passwords or even overload and physically destroy any device it’s plugged into.

Never plug in a USB device that you randomly find or are given to from someone you don’t trust.

Find out more about staying secure online with the following resources:

• IDCARE – national identity and cyber support service
• Google Scam Spotter
• ACCC ScamWatch
• Stay Smart Online

Keep up-to-date with new cyber threats and trends:

• The Hacker News