Cyber security 101 for students

How can I protect myself from cyber scams?

Beware of phishing, smishing and vishing

Hackers use tactics to take advantage of the activities that go hand-in-hand with students heading off to university such as looking for an apartment, applying for a visa, signing up for utilities, or getting a new credit card.

Scammers may contact you via email (known as 'phishing'), SMS (known as 'smishing'), phone call (known as 'vishing') or even your socials. They may pretend to be from the university, the government, tax department, police, immigration, foreign embassy, or your bank, to discuss your recent application for a scholarship, student loan, visa, work or a credit card.

They try to convince you to act, often with urgency, giving out your private information and/or access to bank accounts.

Protect yourself from online scams

Never respond to requests for personal information via email as legitimate organisations will never ask for your passwords, credit card numbers, or other personal information in an email.

If you do receive an email or text message requesting this kind of information, do not respond, reply, click on links or images, or open any attachments. It’s safer to type the known website address for the company directly into the address bar in your internet browser.

If you suspect that you’re called by a scammer, just hang up and contact the organisation online or by calling the number on the official website.

It’s also wise to check your credit score regularly (via CreditSavvy for example) and review credit card and bank statements as soon as you receive them to check for unauthorised charges.

What to do when scammed?
When the University can help:

If you receive phishing or even junk email in your UWA inbox, please use the Report Message add-in (If using Microsoft Outlook, this is accessible from the Home tab) to flag and quarantine the message, and to help protect others from the same scam.

For other issues concerning your University accounts and devices please contact the University IT Service Desk by calling +61 8 6488 1234 or emailing IT-[email protected].

In any other cases:

If you feel you have been a victim of a phishing scam outside of the university, you should immediately report the scam to the company involved, like your bank. If you are unsure how to contact the company, visit the company's website to get the correct contact information. The company may have a special email address to report such abuse. Remember not to follow any links in the phishing email you received. You should type the known website address for the company directly into the address bar in your internet browser.

If you feel you have been a victim of other scams or cyberbullying, report it to the eSafety Commissioner and the Australian Cyber Security Centre.

If there is an immediate threat to life or risk of harm, call 000.

Important steps that you must consider when reporting a cybersecurity incident:

Close or freeze affected account;

Reset all account passwords;

Contact your bank or financial provider;

Inform family and friends;

Scan your computer system and remove any devious programs;

Steer clear of phishing emails.
How do you know if you've been hacked?
Some of the warning signs that you might have been hacked include:

You are signed out of your online accounts (social media, email, online banking, etc.), or you try to login and discover your passwords no longer work.

You receive emails or text messages about login attempts, password resets, or multi-factor authentication (MFA) codes that you didn’t request.

You notice strange emails in your 'Sent' folder.

You receive more spam emails — especially ones that specifically threaten or try to extort you.

Friends or family members tell you they’ve received strange messages from your email or social media accounts.

You receive a data breach notification from a company or service that you use.

You suddenly receive pop-ups that claim your device is infected with a virus.

Your devices slow down, heat up, or start to crash more often.

You notice browser plugins, add-ons, or toolbars that you didn’t install.

You get redirected to unwanted websites, or they open automatically behind your browser window.

Your cursor starts moving by itself — when you haven’t touched the mouse or trackpad.

There are suspicious charges on your credit card or bank statements.

Your web camera light is on, even when you’re not using it for video calls or recordings.

Your antivirus software is disabled when you haven’t changed anything.

Google “Have I Been Pwned” and check if your email has been involved in known data breaches. If so, change the password of all the accounts affected.

How can I protect myself from social media dangers?

Do assume all your posts are public

Even if you choose the highest security settings, anyone you are connected to can share your content with anyone they are connected to. Words can be copied and pasted, images can be downloaded, and screen captures can be taken and saved or shared. Your posts may stay out there forever even if you change your mind and want to delete them. If you are employed, your employer may have a social media policy that you also need to comply with.

Think carefully before you post.

Do watch out for fake friend requests

It’s best not to accept friend requests from anyone you don’t know personally. If you accept a friend request from a fake profile set up by a hacker, they can not only see everything you upload to your social media, but they can also download your photos and information and set up a fake account using your name and sending requests out to all your friends.

Verify friend requests before accepting them.

Report cyberbullying

Cyberbullying includes the use of social media, instant messaging, texts, websites and other online platforms to send abusive or hurtful texts, emails, posts, images or videos; spread nasty gossip or rumours online; or impersonate someone online or use their log-in; creating hate sites or implementing social exclusion campaigns on social networking sites.

When the University can help:

For problems concerning your University accounts and devices please contact the University IT Service Desk by calling +61 8 6488 1234 or emailing IT-[email protected].
You can drop into The UWA Living Room for a chat or the get support if you are feeling worried, stressed or upset.

In any other cases:

If you feel you have been a victim of cyberbullying, report it to the eSafety Commissioner and the Australian Cyber Security Centre.
If there is an immediate threat to life or risk of harm, call 000

How can I protect my accounts & passwords?

Enable Multi-Factor Authentication (MFA)

MFA is a security measure that verifies your identity by requiring multiple proofs of identity to grant you access. Rather than just asking for a username and password, MFA requires additional credentials, such as a code from your phone. It helps keep your account safe even when your password gets stolen.

For information on how to set up MFA for UWA account, please visit the University IT’s website.

Do not share your passwords

Sharing your password puts your physical and digital security at risk because it allows others access to all your personal information and provides them the power to post on your behalf or perform prohibited activity.

At UWA, it’s against the Acceptable Use of IT Policy to share your University passwords with anyone.

Use password managers

A password manager is a type of browser add-in or app on your device that stores your passwords, so you don’t need to remember them. Once you’ve logged into the password manager using a ‘master' password, it will generate and remember your passwords for all your online accounts. It allows you to use strong, unique passwords that are difficult to hack (and remember).

UWA has partnered with LastPass, a password manager to help you create, store and manage passwords for your accounts. You can create your own LastPass account for free using your UWA student email address as LastPass username. Please note that these accounts are not managed by the University.

More information

For more information and handy cyber security tips, visit the University IT’s cyber security website.

The University of Western Australia

35 Stirling Highway
Perth WA 6009 Australia

+61 8 6488 6000

Emergency
+61 8 6488 2222

CRICOS 00126G | PRV12169
Australian University

The University of Western Australia acknowledges that its campus is situated on Noongar land, and that Noongar people remain the spiritual and cultural custodians of their land, and continue to practise their values, languages, beliefs and knowledge.

Indigenous Commitment

Study

Research

News

About UWA

Community

Contact UWA