Why does UQ have email security?

UQ has over 27,000 staff email accounts and over 1.7 million emails are sent to UQ daily. 89% of these emails contain cyber threats, including viruses, malware and phishing links.

In March 2018, over 60 email accounts at UQ were compromised due to phishing emails. These infected email accounts were used for internal and external malicious activities such as spam emails and financial gain.

Types of email threats

Malware 

Malware scammers send emails and social media messages at random with links purporting to be about something topical, such as news, an event or something 'interesting'.

If you click on the link you may be taken to a fake website that looks like the real deal, complete with logos and branding of legitimate sites. To view a video on the site, you will be asked to install some software, such as a ‘codec’, to be able to access the video format. If you download the software, your computer will be infected with malware (malicious software).

Another way of delivering a malware scam is through websites and pop-ups that offer 'free' file downloads, including music, movies and games, or free access to content, such as adult sites.

Malware scams work by installing software on your computer that allows scammers to access your files or watch what you are doing on your computer. Scammers use this information to steal your personal details and commit fraudulent activities. They may make unauthorised purchases on your credit card, or use your identity to open accounts such as banking, telephone or energy services. They might take out loans or carry out other illegal business under your name, or even sell your information to other scammers for further illegal use.
 

Ransomware

Ransomware is a type of malware that blocks or limits access to your computer or files, and demands a ransom be paid to the scammer for them to be unlocked.

Infected computers often display messages to convince you to pay the ransom. Scammers may pretend to be from the police and claim you have committed an illegal activity and must pay a fine, or they may simply demand payment for a 'key' to unlock your computer.

If you pay the ransom, there is no guarantee your computer will be unlocked.
 

Phishing

Email phishing scams attempt to get usernames, passwords, credit card numbers and other sensitive information, while email spear-phishing attacks seek private credentials by sending email appearing to be from a known individual or business.

Further information regarding different types of cyber threats can be found on the Scamwatch website.

New email security system

UQ's previous email security system was in service for over 9 years and had worked continuously in the background to stop malicious emails entering the UQ network. As email attacks are becoming more sophisticated and increasing in regularity, a new system was required to provide adequate protection. The new system includes the following features:

  • Improved protection level
  • Functionality to allow end users to review any potential spam held within the system
  • Additional deterrence for bulk email spammers
  • Validation of web links embedded within emails

Video Guide

Transcript

Mimecast has been implemented in the background to make sure that your emails always get to you; but when bad emails are headed your way, such as malware threats like viruses or even spam, Mimecast steps in the way and herds these types of emails into a hold area. This ensures that the emails don’t get delivered down to your computer. When these bad emails are put on hold, a notification called the digest is going to be emailed through to you.

The digest gives you links to be able to do one of two things: either you can choose to reject that bad email, so that it gets back to where it got sent from; or you can release the email so that it gets delivered to your mailbox. Depending on how your administrator has set up your rules, you may get a notification like you can see here that just tells you that an email was put on hold. With one of these, you would still need to contact your administrator and ask them to release the email for you. 

If you receive a digest, however, it provides you with a summary or a list of all of the emails that are currently on hold, and there are three main options available to you:

1. You can release the email, which is kind of like a one-time fix, because the email will get released and delivered to your mailbox, but perhaps in future it may be put on hold again.

2. The next option you have is to permit. The permit is a special action, because it will release the email so it does get delivered to your inbox, but also puts a rule in place to bypass spam checks. So if you’ve got one of these emails that was put on hold by accident when it wasn’t meant to, it’s best to click this option and in future we won’t be putting that email on hold.

3. Finally, you’ve got the reject option. This will automatically create a policy to block any future emails from that sender and also it removes the email from that hold queue as well.

You could also choose to completely ignore these notifications. Items will remain in the hold queue for 30 days and thereafter you can always retrieve them from your archive if you need them. 

You can also contact your administrator if you need help with releasing items from the hold queue.

Held Email Actions

You can view and control these messages without having to contact ITS, by using the automated email sent to your Inbox. The email displays a summary of your messages in the Hold Queue, with the email's delivery frequency controlled by your Administrator. If there are no messages in the Hold Queue, you won't receive an email notification.

The email lists the actions you can take to ensure legitimate, safe messages aren't missed, and are released to your Inbox. You can either take action or ignore the email if it contains no relevant messages. The actions you can take are:

 

| Action | Message Delivery | Future Messages |
|---|---|---|
| Release | Releases the message from the Hold Queue, and delivers it to your Inbox. | Messages from this sender are still subject to your Administrator's policies, so they may be sent to the Hold Queue. |
| Block | Removes the message from the Hold Queue, but doesn't deliver the message to your Inbox. | Messages from this sender are blocked, rejected, and won't be delivered to your Inbox. |
| Permit | Releases the message from the Hold Queue, and delivers it to your Inbox. | Messages from this sender bypass all spam checks, and are delivered to your Inbox, provided they pass virus scanning, content, and attachment policies. |

Each message in the email must be actioned individually. If no action is taken on the messages, you won't be reminded about them and they will expire from the Hold Queue after 14 days. Please contact the ITS Service Desk at help@its.uq.edu.au or (336) 56000 for assistance.

Held Email notification example

Below is an example email you will receive if the email security system places email on hold for you to review.

 

 

How to Unblock senders

If you have accidentally blocked a contact, please contact the ITS Service Desk at help@its.uq.edu.au or (336) 56000 for assistance.