Recognising suspicious messages and what to do with them

It’s easy to click on links in text scams when we’re busy or distracted.

Scams can contain links that take you to fake websites and urge you to enter personal information or update your phone software.

If you enter this personal info into a fake website, your device might get infected with harmful software, and your personal details could be used to infect the rest of our IT network.

You also risk information belonging to you, our organisation and our patients being stolen.

This is when you need to stop.

Look for the warning signs and take a second to think – Am I expecting this?

Why do I need to click a link to take action?

Does this feel right to me?

Is this offer too good to be true?

Always log in to make inquiries and payments from the organisation’s website or app.

And contact the organisation directly to confirm the message is real.

The quicker we report, the quicker scams can be shut down.

Forward suspicious text messages to the Department of internal Affairs (DIA) using 7726.

Then delete the message and block the sender’s number.

By keeping our patient and organisation information safe, we protect everybody.

Ka pai.

In a digital world, not all links are created equal.

Which would you click?

Links in messages are normal, but not all links can be trusted.

Feeling pressured, rushed or curious may make us more likely to click on a link.

Malicious websites often hide behind a link in the hope it won’t be checked.

These websites can look real enough for you to enter your password or give access to sensitive information.

Next time you get a message with a link – stop.

Think whether the message makes sense to you.

Then act knowing you’ve done your safety checks before clicking.

Verify a link by contacting the message sender.

For applications you use, log into the site directly by typing the URL or web address into a browser and checking for messages.

Check link. Check sender. Stop. Think. Act.

If you’re unsure of a link, call your service desk or IT support provider for help.

Think safe. Act quickly. Get help.

In the mahi (work) we do every day and night, we handle a lot of sensitive information.

Our patients, whānau and kaimahi (that’s our employees) trust we’ll respect their privacy and keep their information safe.

Phishing is when someone sends you a fake email often looking like it’s from someone you know, or a business you know and trust.

The email is meant to trick you into clicking links or opening attachments which are used to steal information or hack your computer.

In this example, them email appears to be from someone you know.

Asking you to click a link to change or keep your password the same.

A click on the link may direct you to a fake web page asking you to enter your login details where they could be stolen.

Ask yourself, why is a colleague asking me to do something about my Te Whatu Ora password on an email?

If you receive an unexpected email asking you to reset your password, please pause and…

Think safe. Act quickly. Get help. Contact your local helpdesk for immediate support.

Kia tere te whakamanawanui. Tono tautoko

I roto I mātou mahi o ia rā, o ia pō, he nui ngā pārongo matatapu ka tae mai ki a mātou.

ko ā mātou tūroro, ō mātou whānau ā mātou kaimahi hoki e whakapono mai ana ka whakautetia ō rātou matataputanga ā, ka pupuri haumarutia ai a rātou pārongo.

Ko te tikanga o tēnei mea te hītinitanga, ina tuku atu ai tētahi tangata he īmēra rūkaha ki a koe, ā ko te āhua nei nā tētahi tangata kē e mōhio ana koe, he pakihi rānei e mōhiotia ana, e whakaponotia ana rānei e koe.

Ko te tikanga o te īmēra he mahi tinihanga ewhakapōhēhētia ai koe kia pāwhiri atu koe ki ngā hononga, te huaki rānei I ngā tūhononga, ā ko te mahi o ēnei he tāhae pārongo, he mūrere rānei I tō rorohiko.

Hei tēnei tauira, ko te āhua nei ka puta ake te īmēra ānō nei nā tētahi tangata e mōhiotia ana e koe.

E tono ana ki a koe kia pāwhiri ki tūhonotanga kia panoni, kia noho ōrite tonu rānei tō kupu huna.

Mā te pāwhiri noa pea e ārahina atu koe, ki tētahi paetukutuku rūkaha e tono ana ki a koe kia whakauruhia atu āu taipitopito ohauru, I konei e taea ai te tāhaetia.

pātai ki a koe anō, he aha rā e tonoa ana ōku e tētahi hoa o ōku kaimahi mō tāku kupu huna mō Te Whatu Ora mā te tuku īmēra mai?

Ki te tae ake he īmēra ohorerer ki a koe e tono ana kia whakahōungia tō kupu huna, tēnā, e tū, whakaaro haumarutia ai,

Kia tere te whakamanawanui. Tono tautoko
Whakapā atu ki tō kaitautoko rorohiko e whiwhi tautoko inamata.

Person 1:
Hey, I got this weird email today claiming I won a competition I never entered. It’s asking for my bank details.

Person 2:
Yikes, sounds like a phishing attempt. Did you click any links?

Person 1:
No way! I didn’t recognise the sender, so I reported it as phishing, using the PAB button.

Person 2:
Good call. Always best to be cautious.

Person 1:
Speaking of which, I got a text from an unknown number asking for my personal info so that a parcel I hadn’t ordered could be delivered.

Person 2:
Definitely sounds phishy. What did you do?

Person 1:
I blocked the number and deleted the message. Didn’t want to take any chances.

Person 2:
Smart move. Better safe than sorry. I got a call yesterday from someone claiming to be from my bank, asking for my PIN to ‘secure my account’.

Person 1:
That’s scary. What did you do?

Person 2:
Hung up immediately and called my bank’s official number from their website. They confirmed it was a scam and advised me to ignore calls like this in the future.

Person 1:
Good thinking. It’s crucial to verify before sharing any personal info.

Person 2: Phishing Smishing Vishing
Couldn’t agree more. Always double-check and report anything suspicious.

Person 1:
Absolutely. Whether it’s email, text or calls, staying vigilant keeps our information safe.

Together:
Here’s to keeping alert to the three shings!

0:13
Scammers are constantly testing our cyber defences, looking for ways into our system so they can wreak havoc.

0:19
Scammers often use information found in their media or online, such as current events or employee names or job titles, to help gain trust and slip in unnoticed. Once they're in, they typically log in to a user's account and after downloading all their emails, files and contact information, can use the account to send more scams appearing to come from a trusted source.

0:40
Most mail servers will block any other mail servers which send a large amount of scam or phishing emails. So, if a scammer sends enough emails from one of your accounts, they've gained access to, it could result in all your organisation's emails being blocked having serious impacts to work and patients. To prevent this most organisations, have multiple layers of defence and teams of experts working together to identify, block and remove malicious emails from mailboxes.

1:07
So who are these experts? Well,

1:11
starts with you

1:15
huh? Just received this e-mail. Looks a bit dodgy so I reported it.

1:22
My colleague showed me a suspicious looking e-mail. I told them to report it.

1:28
Huh, I got one too. Definitely a scam. I'll have to make sure my IT team know about it.

1:36
We received multiple reports of a suspicious looking e-mail enabling us to quickly investigate and identify a phishing campaign targeting our organisation. We were able to block it and remove any messages which had already made it through.

1:54
As you can see, with the little teamwork, we can do our part to protect each other from scammers by giving our security teams the best chance to stop them. You report it, we'll sort it.

Hi everyone, today I want to talk about how new technologies like AI are changing the game while making things faster, smarter and more efficient.

New technologies are also opening up new opportunities for scammers.

For example, with AI powered voice and video cloning, cyber criminals can now create realistic fakes just like me.

I mean not like me, I'm the real Dan.

But don't worry, if you look closely, you can spot signs.

Enters Real Dan:

All right, that's enough for that.

Yep, that imposter was an AI clone.

It couldn't even get my accent right.

But it's pretty good, and it's going to be a lot better in future.

With AI tools becoming more and more powerful and easy to access, scammers are using them more to impersonate real people, and not just in emails.

They're already using them in voice and video calls, pretending to be friends, family or colleagues to convince people to give them what they need.

And while there are usually subtle or not so subtle signs that they're fake, it won't be long before they're impossible to spot.

So instead of worrying about spotting the fake, focus on spotting the scam.

Is there a sense of urgency?

Scammers love to pressure you into acting fast.

Are they asking for sensitive information?

No company will ever ask for passwords or MFA codes over e-mail or phone.

Does the request feel unusual?

Is your boss suddenly asking for gift cards?

Or is a friend messaging you out of the blue needing money?

Pause and take some time to verify.

AI scams work because they play on trust, but if you take a second to think before you act, you can stop them in their tracks.

Exactly.

Well said.

That's why If something feels off, double check it before you act.

Stay sharp, stay secure.