What is a cyber threat?
A few of the most common scams and cyberattacks are detailed below, as well as some tips you can follow to protect yourself.
Phishing attacks (pronounced like fishing)
This is one of the most common attacks – it’s when an attacker contacts you pretending to be somebody you know or an organisation you trust, and tries to get you to give them personal information or open a malicious website or file.
Phishing messages can arrive by email, text, direct message on social media or even phone call. They can:
- Appear to come from a trusted sender (or someone mimicking a trusted sender). These can include your bank, the Government, Netflix, Microsoft, Apple or Amazon, and attackers may even impersonate your manager or a family member.
- Contain an urgent request claiming you need to act now. Often these messages claim that something will be cancelled, that you will need to pay a penalty, or that you are going to miss out on a special deal.
- Include a link to a website or an attachment. The website is fake and designed to get you to enter your username and password (or other personal information) so the attacker can steal it.
- Look carefully at any messages you get that want you to take urgent action
- Pay attention to the email address of the sender to ensure it's legitimate
- Never open any links or attachments you weren’t expecting, even if they appear to come from somebody you trust. Reach out to the sender, preferably via a different method (e.g. text, Teams, phone) and confirm the attachment is genuine before you open it.
- Opening a malicious file attachment
- Downloading and opening a file from an unsafe website
- Opening a file or installing an app that appears to be useful but is actually malicious
Find out more here.
How can you protect yourself from cyber threats?
There are a number of ways you can protect yourself from common cyber threats:
- Turn on automatic updates
- Activate Multi-Factor Authentication (MFA)
- Regularly back up your devices
- Use passphrases to secure your important accounts
- Secure your mobile device
- Develop your cyber secure thinking
How can you secure your personal data and protect your devices?
- Share your personal information in real time only, preferably in person or by phone. Be careful of what you share on social media.
- Be sceptical of messages with links, especially those asking for personal information
- Be on guard against messages with attached files
- Go passwordless and use an authenticator app for stronger security
- If you must use passwords, make them strong and unique with a password manager
- Enable the lock feature on all your mobile devices
- Install software updates immediately
- Ensure all the apps on your device are legitimate
- Use Windows 11 and turn on Tamper Protection to protect your security settings
- Keep your browser updated, browse in incognito mode, and enable Pop-Up Blocker
Read more about these 10 tips, as well as some simple tactics to help you.
Marathon Health training
We have a range of training resources available on the MYGO1 Platform (enter Cyber in the search function to view a full listing). We also run targeted training sessions via Teams throughout each year.
Marathon Health case studies
A staff member opened a phishing email on a work mobile after hours, resulting in the employment information of up to 100 staff/contractors being compromised.
Marathon Health simulation exercises
As part of the COG Cyber Awareness Development program, we run planned phishing simulations across the organisation. The simulations are emailed to all staff and are designed to replicate a real scam email. From these exercises, we are able to:
- Determine how aware staff are of the risks
- Identify how capable staff are of handling an attack appropriately
- Gain an indication of our risk of phishing exploitation
How to protect yourself
Staff are always encouraged to follow our procedure – DO NOT open the email; simply delete it from both your Inbox and your Deleted items folders. You should never:
- Click any links
- Open any attachments
- Provide login details or any personal/financial information
If you do, notify the IT Service Desk immediately and RESET your password.
More information and general resources
- Test your skills in spotting a scam and take the quiz
- Read about other common scams, examples and tips
- Read the Personal Cyber Security: First Steps Guide
- Read the 10 easy rules to secure your personal data and protect your devices
- Check out this handy Personal Cyber Security summary checklist to track your security progress
- Watch the video 11 Tips for Identifying Fake Websites and Phishing Emails
If you still have questions or concerns, talk to your manager, reach out to one of the COG members or email firstname.lastname@example.org