What is: Phishing
Phishing is a scam that cybercriminals use to try to steal sensitive information from you. Phishing is when a cybercriminal represents themselves as a trusted person or organisation with the intention of acquiring online information. Stolen information might include login credentials, financial information, or other personal information.
Why is this important?
Queensland Health staff currently receive a significant number of phishing emails each day. The “Report Phishing” button within Outlook is a secure and easy way for staff to report suspicious emails. The location of the Report Phishing button varies depending on the way you access Outlook.
What are the different types of phishing?
Phishing scams are usually done with emails, but there are other methods and variations:
- Vishing is phishing over the phone.
- Smishing is phishing sent via SMS text message.
- Whaling targets executives and other employees with the ability to authorise large financial transactions.
- Spear phishing is targeted based on something the cyber criminal knows about the individual recipient.
- Business email compromise is a carefully crafted email that appears to come from a trusted colleague or vendor. Cyber criminals often source information on social media sites like LinkedIn to find a working or personal relationship they can exploit.
Phishing scams all have the same goal: financial gain or identity theft.
What’s my role in this?
To protect our data and service delivery, it’s important to report phishing emails that come into your Queensland Health inbox.
What do I need to do?
You should report phishing emails to Queensland Health via your Queensland Health Microsoft Outlook account.
Select the suspicious email and click the Report Phishing PhishMe button in your Queensland Health Outlook inbox. Your email will be sent to Cyber Security Group for analysis.
Can’t see the PhishMe button? You can add it to your Outlook ribbon.
If you’re still unable to use the PhishMe button, attach the suspicious email (do not forward) to a new email and send it to cybersecurity@health.qld.gov.au.
Report phishing emails and delete spam emails.
What’s the difference between phishing and spam emails?
Phishing
Phishing actively aims to trick you into revealing sensitive information (e.g. financial data or your login credentials).
Here are some warning signs:
- emails with a sense of urgency to act (e.g. pay now or your account will be closed)
- suspicious links with web addresses that do not match the legitimate organisation’s web address
- vague salutations or signatures (e.g. Dear Valued Customer)
- suspicious emails requesting sensitive data or changes to a vendor’s bank account details
- offers that are too good to be true (e.g. ‘You’ve won a new iPad, just click here to claim your prize!’)
Use the Outlook PhishMe button to report phishing emails. The suspicious email will be sent to Cyber Security Group for analysis.
Spam
Spam is unsolicited junk email usually sent for commercial purposes to bulk email lists. Here are some tips to help you declutter your inbox of unwanted spam emails:
- Mark spam as ‘Junk’ in Outlook or simply delete them.
- Unsubscribe from emails you no longer wish to receive.
- Organise to have your email address removed from distribution lists that are no longer relevant to you or your work.
- Unless you’re unsure, avoid reporting spam emails using the Outlook PhishMe button.
- Instead, you can use the ‘Junk’ button in Outlook.
For more information, contact Cyber Security Group by emailing cybersecurity@health.qld.gov.au.
How to prevent being scammed:
- Don’t click on links or open attachments in emails from senders you don’t know.
- Add two-factor authentication to your accounts e.g. email, banking, and social media.
- Verify the email by contacting the sender directly using details you have sourced independently e.g. through a search engine.
- Don’t provide sensitive information to unverified sources.
What if I have clicked on links or attachments within a malicious email?
If you have clicked on any links or attachments within a malicious email:
- Immediately disconnect your device from the internet/network. Do this by disconnecting the network cable and/or turning off the Wi-Fi.
- Call IT Support on 1800 198 175.
- Inform your manager.
Useful Links
- Information about Business email compromise
- Using the Outlook PhishMe button
- Using Report Phishing
- Adding the PhishMe button to your Outlook ribbon