Related links
Keeping your information safe
- Cyber security overview
- Email scams (phishing)
- Using your UniKey safely
- Protecting sensitive data
- Browsing securely
Email scams (phishing)
The University is regularly targeted by email scammers (phishing) attempting to manipulate students and staff into providing confidential information.
We have established strong security controls to help protect you from receiving these types of fraudulent emails, but you may still be at risk.
Email protection at the University
Email is the University’s primary communication tool to send important messages to you as a student. It is also the most targeted communication channel for cyber threats and other malicious email attacks.
The University uses Mimecast to help protect your email account from a wide variety of these attacks.
It provides email protection through the scanning of all email links and URLs before allowing access to the link/URL. Emails found to contain potential junk / spam content, or malicious attachments aren't delivered directly to your email account. Instead they are held in a quarantine area.
If any emails have been quarantined, you will receive a daily email notification titled ‘Blocked Spam Notification’ to review the quarantine list, and decide whether to block, release or permit these emails. You can also review your list of quarantined emails at any time.
Mimecast will also scan file attachments and block any attachments deemed malicious. If an attachment is found to be malicious, it will be replaced with a Mimecast email message or completely blocked.
To learn more about how our email protection works, check our Service Now knowledge base article.
Phishing email techniques
The following techniques are often used in phishing emails.
- Urgency – this technique attempts to gather a user’s credentials or other confidential information by presenting a financial opportunity that they must act on quickly.
- Threat – messages will try to manipulate a recipient to resolve a bogus situation. These include blackmail or a financial penalty that will increase if the recipient does not respond, or that the recipient’s credentials have already been compromised.
- Curiosity – these fraudulent emails are crafted to attract attention and curiosity with a small amount of information and try and entice the recipient to click on a link to gather more information.
- Familiarity – messages will be designed to look like a large reliable brand or appear to come from a trusted source.
Examples of this may be where a sender:
- masquerades as government correspondence
- claims to be from your bank, asking for account information
- urgently prompts you to provide information or take unusual action
- offers extraordinary but unrealistic rewards
- uses publicly known personal and professional relationships.
How to recognise a phishing email
- Look carefully at the sender’s email address to make sure it is legitimate (is the organisation name correctly spelt or different in some way?).
- Scammers try to grab your attention by crafting a message that looks official, important or urgent and take advantage of your anxiety, concern or your willingness to help.
- Scam emails are designed to look genuine, and often directly copy the format used by the organisation the scammer is pretending to represent. This includes their branding, corporate stationery and logo.
- Never click on a link or attachment in an email unless you are sure that the URL is correct, or the attachment is safe. Scammers use this technique to trick you into:
- clicking a link that takes you to a fake website
- opening an attachment infected with malware that could infect your computer.
How to report a suspicious email
If you’re not sure whether an email is real or fake, you can report it through the ‘Report Message’ button in Outlook. You can also contact the University Shared Service Centre on 1800 SYD UNI (1800 793 864) or +61 2 8627 1444 (option 4 for ICT) or email ict.support@sydney.edu.au.
Last updated: 25 October 2023
