Protect your devices


Electronic junk mail is commonly known as spam. These are electronic messages you may not have asked for, sent to your email account, mobile phone number, or instant messaging account.

The content of spam messages varies. Some messages promote legitimate products or services, while others will attempt to trick you into following a link to a scam website where you will be asked to enter your bank account or credit card details. 

The best way to protect yourself from malicious email is to stop it from reaching you. That way, there’s no chance it can influence you into doing something you might regret. 

  • Don’t share your email address online unless you need to, and consider setting up a separate email address just to use for online forms or shopping. 

  • As much as possible, have separate email accounts for personal and business use.  

  • Use a spam filter to catch these messages before they get to your inbox. Most modern email systems have reasonably effective spam filters to prevent spam appearing in your inbox. If you’re not sure, ask your internet service provider. 

  • Delete spam messages without opening them. 

Other steps you can take to limit spam 

  • Before using your email address online, read the website privacy policy – it will tell you how they will use the personal information you provide. 

  • When you sign up for an online account or service, be aware of default options to receive additional emails about other products and services. 

Cybercriminals can be clever and some messages might still make it through to your inbox. Here’s how to protect yourself from these malicious messages.

To protect yourself from these malicious messages: 

  • Don’t open messages if you don’t know the sender, or if you’re not expecting them. 

  • Be suspicious of messages that aren’t addressed directly to you, or don’t use your correct name. 

  • Don’t reply to or forward chain letters you receive by email.  

  • Think carefully before clicking on links or opening attachments. 

  • If a message seems suspicious, contact the person or business separately to check if they have sent the message. Use contact details you find through a legitimate source and not those contained in the suspicious message.  

  • Before you click a link, hover over that link to see the actual web address it will take you to (usually shown at the bottom of the browser window). If you do not recognise or trust the address, try searching for relevant key terms in a web browser. This way you can find the article, video, or webpage without directly clicking on the suspicious link. 

  • Ensure you have up-to-date anti-virus software installed on any device used to access email. 

Αny web email service providers like Google, Microsoft and Yahoo provide multi-factor authentication (also known as two-factor authentication) for extra security of account data.

How does it work? Typically it is a two-step process where a user must provide more than one type of proof that they are authorised before they can access an account. For example, you might need to provide a password as well as a second form of identification, like a code sent to a mobile phone that is registered with your account. 

Mult-factor authentication makes it more difficult for someone else to sign into your email account. Even if someone finds your password, they would be stopped from getting into your account unless they have the second form of identity. This security feature is also available for other systems, for example, when banking online or accessing government services online such as myGov. 

Where possible, we recommend you turn on multi-factor authentication for your accounts. 

Use the following advice to make your mobile phone or tablet more secure: 

  • Set a password, Personal Identification Number (PIN), passcode, gesture or fingerprint that must be entered to unlock the device. Don’t forget to put PINs on your SIM card and voicemail, and ensure your device is set to automatically lock. 

  • Install reputable security software that includes antivirus and anti-theft/loss protection – your device’s retailer or service provider can provide recommendations. Only install applications from the official device application store and do not ‘jailbreak’ your device. 

  • Use your device’s automatic update feature to install new application and operating system updates as soon as they are available. 

  • Set the device to require a password before applications are installed. This will prevent unauthorised modifications to the device. Parental controls could also be used for this purpose. 

  • Leave Bluetooth turned off or in undiscoverable mode (hidden) when you are not using it. 

  • Ensure your device does not automatically connect to new networks without your confirmation. 

  • Record the International Mobile Equipment Identifier (IMEI) of your handset. Your IMEI is a 15 or 17 digit number often printed on a label under the battery or found in the settings under general information about your device. If your device is lost or stolen, report this number to your provider and they can stop the handset from being used. 

  • Enable the remote locking and/or wiping functions, if your device supports them. 

The information stored on your phone is valuable, take these steps to help protect it: 

  • Back up your data regularly, either with a backup application or by manually syncing the device with a computer. 

  • Do not save passwords or PINs as contacts on your phone or tablet.  

  • Enable device encryption to protect personal data stored on the device where possible. 

  • Check the privacy permissions carefully when installing new apps on your device and only install apps from reputable vendors. Where you can, make apps or profiles private and password-protected.  Learn more about protecting yourself from mobile malware. 

  • Ensure you thoroughly remove personal data from the device before selling or recycling it.

You also need to be careful about where you use your phone – both online and off: 

  • Use public Wi-Fi networks wisely – for example, don’t do your online banking using these networks. Learn how to protect yourself when using public Wi – Fi. 

  • Don’t use chargers supplied by third parties or charge electronic devices at public charging stations or USB charging outlets. Only use genuine chargers supplied with electronic devices. More advice from the Australian Cyber Security Centre – Travelling With Electronic Devices. 

  • When connecting using Bluetooth, do it in private areas only. 

  • Use reputable sites and applications when downloading anything from the internet. 

  • Log out of websites when you are finished.  

  • Turn off location services when you are not using them and limit the applications that can track and use this information. 

  • Think before you click. Do not open links or attachments unless you are expecting them and you trust the source. If in doubt, hovering over links often allows you to see the destination URL and you can decide if you recognise the website or email address – although URL shortening can make this difficult. 

Where you download apps from and how you use them plays a critical role in keeping your mobile phone secure.

Malicious apps will try to steal personal information from your phone and can expose your device and data to malware. 

Malicious apps can pave the way for attacks ranging from unwanted pop-up ads to more serious efforts to steal personal and financial data. They can also lock your files and demand a ransom for the key to let you access them again.  

Advertising apps, although often legitimate, can be used to promote other malicious apps, or collect large amounts of data to exploit and sometimes carry out cybercrime.

You should closely review each app before downloading it for indications it may be fake. Some fake apps may be identified by poor grammar or spelling, or by the use of names very similar to those of recognised brands.

If you are not sure if an app is legitimate, contact the business the app claims to be from by first searching on the internet for their official website and contact details. 

While Apple’s App Store or Google Play for Android are recommended official stores to install apps from, you should be mindful that fake, impersonating or malicious apps can still make their way onto any app store. 

Staying safe

Before downloading a new app, take a few minutes to do your online research: 

  • What do reviews from others say about the name of the app or its developer? 

  • If in doubt, search for the web page of the developer. Lack of details about the developer, with links that go to legitimate sites instead, can be a red flag. 

  • If an app is trying to impersonate a trusted brand, you may be able to see inconsistencies between the product and service offerings compared to what is on the business’ official website. 

  • Look at comments from when the app was launched. Reviews in quick succession of launch are sometimes a warning it’s fake. 

You should also:

  • Avoid installing apps from links in emails, social media, text messages and websites that look suspicious. 

  • Use your device’s automatic update feature to install new applications and operating system updates as soon as they are available. 

  • Read the fine print about how an app will protect your personal data—some apps collect information such as your location, contacts, and other sensitive details like credentials. At the end of the day, if you are not comfortable with how your data is protected, don’t use the app! 

  • Make sure you review and manage permissions for each app you download. On an iOS device go to ‘Settings > Privacy’. On an Android device go to ‘Application Manager’ and follow the prompts.  

  • If the permissions required by the app seem excessive compared with what activities you’ll be using the app for, it may be a sign that it’s not a trustworthy app. 

  • Do not remove hardware restrictions—known as ‘jailbreaking’ on Apple phones and ‘rooting’ on Android phones—to install unapproved third party apps. This makes your phone more vulnerable to malware as it reduces the in-built security protection. 

  • Uninstall apps when you no longer need them. 

  • If you suspect a fake app impersonating a trusted brand is available on an app store, contact the organisation that the app claims to be from, through contact details sourced from an official website.

Webcams are internet-connected cameras that allow you to connect with someone or record videos.

Webcams can be built into your computer or bought separately. They can also be used to see who you’re chatting to, as a baby monitor or to support your home security.

How do webcams get hacked?

Cybercriminals can use malware to remotely access and control your webcam.

This type of malware is known as Remote Access Trojans or RATs. Once installed, cybercriminals can turn on your webcam and see exactly what it sees. This type of malware is often mistakenly installed via an unsafe click from a website or email.

Remember: Be wary and don’t click on links in unexpected emails or messages from people or organisations you don’t know.

While many people opt for a piece of tape over the camera, chances are if your webcam is hacked, then your entire system is in the hands of a hacker.

While many people opt for a piece of tape over the camera, chances are if your webcam is hacked, then your entire system is in the hands of a hacker.

Follow these simple steps to keep your entire system safe.

For inbuilt webcams:

  • install all operating system and software updates when prompted
  • install anti-virus software and run regular scans
  • always practice safe browsing
  • don’t accept video calls from people you do not know.

For stand-alone webcams:

  • install software updates for the application it uses
  • change the default password
  • keep it turned off when not in use.

What’s the risk?

Cybercriminals hack webcams to stalk people or exploit the device for use in a botnet.

A botnet is a collection of devices that might include your computer, mobile phone and other devices connected to the internet, which are infected and remotely controlled to carry out malicious activities. Typically, the owner of the device has no way of knowing a botnet has infected their system.

There have been many media reports of hacked baby monitors, blackmail threats with stolen footage, and stalkers arrested after police found they were watching victims through hacked webcams.

  • In 2016, hackers hijacked baby monitors (among other connected devices) to form a botnet that targeted high profile websites such as Twitter, PayPal and Spotify.
  • Cybercriminals have also scammed people via video calls where the victim was pressured into explicit activity, only to have the footage secretly recorded and used later for blackmail.