Think before you click

As COVID-19 related scams become more prevalent, it's important to protect yourself from falling victim to a security incident, such as a malicious software attack or online scam.

Digital technology is an integral part of our daily lives and the benefits are huge for the health sector, but we all need to be aware of the potential risks.

Email and SMS

Even though email provides a fast, convenient way to send and receive information, it’s not always the best option, particularly for sensitive information. Email is also frequently used for scams, phishing and distribution of malicious software.

By default, email is not secure. Unless encrypted, email can be read during transmission, and consequently, unencrypted email should not be used to send sensitive information, such as healthcare information.

If you are not sure whether an email is legitimate, do not click on links, open attachments or reply.

Adopt a ‘think before you click’ approach for email, SMS and other online messages. Be particularly cautious with messages that invoke a sense of urgency, sound too good to be true, or come from organisations that you don’t recognise. If in doubt, contact the sender using contact details from a legitimate source.

Additional information about phishing and using email safely is available on the Stay Smart Online website.

Social media

Take care to check images before posting in social media to make sure there is nothing sensitive in the image background, such as healthcare consumers or their healthcare information (e.g. electronic records, paper files or information on a whiteboard).

It is also important to ensure you use the maximum privacy settings on all social media platforms. Although this does not provide a guarantee, it does help reduce the risk of your information being accessed or compromised.

Once you post something online, you have lost control of who accesses it and what they do with it.

Wi-fi

If you don’t need to enter a password to connect to wi-fi, your connection isn’t secure. With the right tools, anyone connected to the network can see the unencrypted information you send and can also capture session cookies – which can potentially allow the attacker to log in as you, even if they don’t know your username and password.

To improve security, you can install a reputable virtual private network (VPN) solution on your device to create an encrypted ‘tunnel’ that allows data traffic to pass securely over public wi-fi networks. Otherwise, it is best to limit your use of public wi-fi for general internet browsing, and avoid entering sensitive information.

Additional information about using wi-fi safely is available on the Stay Smart Online website.

Resources

You can learn more in the ‘Think before you click’ module of the Digital Health Security Awareness eLearning course.

Information about the latest scams is available on the ScamWatch website, including information in The little black book of scams and the publication If it sounds too good to be true ... it probably is.