Dear CBCA friends,
The world is facing a growing number of ‘cyberthreats’ right now. (I’m sure you know, but just in case - ‘cyber’ means ‘relating to computers or computer networks’.)
As a result, we're asking you to brush up your skills to avoid ‘phishing’. (‘Phishing’ occurs when an attacker sends a fake message designed to trick you into revealing sensitive information.)
Brushing up your cybersecurity skills is likely to be valuable to you. In addition, the CBCA community will benefit because our shared information technology (IT) resources, including websites and SharePoint, will be more secure.
THE BASICS
The CBCA’s IT expert, Murray Ware, and the Communications Subcommittee recommend that you read the Australian Government’s Cyber Security Centre phishing advice, which is brief and includes a useful interactive quiz. You can find it on this page.
Here is a starter exercise - are you sure this email you're reading is itself legitimate? Did you hover your cursor over the link to this page in the sentence above to make sure it was taking you somewhere legitimate before you clicked to open it? Did you carefully read the address the email was sent from? Verifying an email by the address of its sender is not foolproof but it’s very helpful. For example, if the sender’s address on this email was robyn.emerson@cbba.org you should be suspicious. You might also like to hit reply and notice whether the reply address is the same address you received the email from.
If you didn’t do these things, don’t worry, lots of people are still learning. Just click on that link when you have 20 minutes to spare.
EXTENSION EDUCATION ACTIVITIES
For those wanting a bit more, here are some points NOT made by the Australian Cyber Security Centre.
1. Understanding domains and subdomains is important to cybersecurity and not difficult. When you know the correct name of the domain, you know when you are dealing with the real organisation. For example, the CBCA’s correct domain name is cbca.org.au. If that is the domain shown in the ‘URL’ (the address of a webpage, which is shown in your browser’s address bar), you know the site is legitimate. You also know that subdomains are legitimate. A subdomain is indicated by letters IN FRONT of the domain name, separated from it by a dot. Here is a link to the Queensland branch of the CBCA. When you hover over that link with your cursor you’ll see it reads: https://qld.cbca.org.au/ You know that's a subdomain of the official CBCA website because it has the Queensland qualifier qld. before cbca.org.au. If it was cbcaqld.org.au, it would NOT be an official subdomain, and might not be trustworthy. Neither would cbca.qld.org.au.
Examples of safe links
https://cbca.org.au
https://cbca.org.au/recipes/pasta/saucy-pics.html
https://qld.cbca.org.au/insecure.html
Examples of unsafe links
https://cbcaqld.org.au
https://cbca.org.au.redirect.com/
https://domain.au/cbca.org.au/secure-login.html
https://vic-cbca.org.au/secure.html
https://nswcbca.org.au/
2. Keep an eye out for little changes in a domain name that might take you to the wrong place. For example, a scammer might create a new domain called cbca.com which looks a lot like our domain and could be used to scam you for a while before we caught up with them.
3. Addresses starting with http:// rather than https:// are discouraged these days. They can still be OK but you should never enter any personal information into such a site.
4. AND FINALLY, look for a padlock in your web browser address bar to ensure certificates are valid. It looks like this:
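For members comfortable with a little programming, the domain rules in points 1 to 3 can be written as a short Python check. This is an added example, not part of the original email or any CBCA tool; the function name classify_link is hypothetical, and the one http:// link in it is constructed for illustration.

```python
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "cbca.org.au"  # the correct domain name stated in point 1

def classify_link(url, official=OFFICIAL_DOMAIN):
    """Classify a link as 'official', 'official, not https' or 'not official'."""
    parts = urlsplit(url)
    # Only the host name counts. urlsplit lower-cases it for us, and anything
    # after the first single "/" is just a path on whatever host comes before it.
    host = (parts.hostname or "").rstrip(".")
    # Official means exactly the domain, or letters IN FRONT of it ending in
    # a dot. "vic-cbca.org.au" and "cbcaqld.org.au" are different domains.
    if host != official and not host.endswith("." + official):
        return "not official"
    # Point 3: http:// on the right domain can be OK, but enter nothing personal.
    if parts.scheme != "https":
        return "official, not https"
    return "official"

# Sample links copied from the two lists in this email.
SAFE_EXAMPLES = [
    "https://cbca.org.au",
    "https://cbca.org.au/recipes/pasta/saucy-pics.html",
    "https://qld.cbca.org.au/insecure.html",
]
UNSAFE_EXAMPLES = [
    "https://cbcaqld.org.au",
    "https://cbca.org.au.redirect.com/",
    "https://domain.au/cbca.org.au/secure-login.html",
    "https://vic-cbca.org.au/secure.html",
    "https://nswcbca.org.au/",
]

if __name__ == "__main__":
    # The http:// link is constructed here to show the point 3 case.
    for link in SAFE_EXAMPLES + UNSAFE_EXAMPLES + ["http://cbca.org.au/"]:
        print(f"{classify_link(link):20} {link}")
```

Note that words such as "secure" or "insecure" in the path have no effect on the result; only the host name and the https:// prefix are examined.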