Related links
Keeping your information safe
- Cyber security overview
- Email scams (phishing)
- Using your UniKey safely
- Protecting sensitive data
- Browsing securely
- Installing updates
Email scams (phishing)
Increased risk of phishing scams following Canvas cyber incident
Following recent cyber incidents, there may be an increase in highly convincing phishing emails, text messages, or phone calls to students.
These messages can appear genuine because they may include your name, Student ID, course details, or they could contain links that appear to relate to your classes or University systems. The phone calls or messages can appear to come from University ICT or faculty support teams.
For further information on behaviour to look out for and how you can protect yourself, visit our scams webpage.
The University is regularly targeted by email scammers (phishing) attempting to manipulate students and staff into providing confidential information.
We have established strong security controls to help protect you from receiving these types of fraudulent emails, but you may still be at risk.
Email protection at the University
Email is the University’s primary communication tool to send important messages to you as a student. It is also the most targeted communication channel for cyber threats and other malicious email attacks.
The University uses Mimecast to help protect your email account from a wide variety of these attacks.
It provides email protection through the scanning of all email links and URLs before allowing access to the link/URL. Emails found to contain potential junk / spam content, or malicious attachments aren't delivered directly to your email account. Instead they are held in a quarantine area.
If any emails have been quarantined, you will receive a daily email notification titled ‘Blocked Spam Notification’ to review the quarantine list, and decide whether to block, release or permit these emails. You can also review your list of quarantined emails at any time.
Mimecast will also scan file attachments and block any attachments deemed malicious. If an attachment is found to be malicious, it will be replaced with a Mimecast email message or completely blocked.
To learn more about how our email protection works, check our Service Now knowledge base article.
Phishing email techniques
The following techniques are often used in phishing emails.
- Urgency – this technique attempts to gather a user’s credentials or other confidential information by presenting a financial opportunity that they must act on quickly.
- Threat – messages will try to manipulate a recipient to resolve a bogus situation. These include blackmail or a financial penalty that will increase if the recipient does not respond, or that the recipient’s credentials have already been compromised.
- Curiosity – these fraudulent emails are crafted to attract attention and curiosity with a small amount of information and try and entice the recipient to click on a link to gather more information.
- Familiarity – messages will be designed to look like a large reliable brand or appear to come from a trusted source.
Examples of this may be where a sender:
- masquerades as government correspondence
- claims to be from your bank, asking for account information
- urgently prompts you to provide information or take unusual action
- offers extraordinary but unrealistic rewards
- uses publicly known personal and professional relationships.
How to recognise a phishing email
- Look carefully at the sender’s email address to make sure it is legitimate (is the organisation name correctly spelt or different in some way?).
- Scammers try to grab your attention by crafting a message that looks official, important or urgent and take advantage of your anxiety, concern or your willingness to help.
- Scam emails are designed to look genuine, and often directly copy the format used by the organisation the scammer is pretending to represent. This includes their branding, corporate stationery and logo.
- Never click on a link or attachment in an email unless you are sure that the URL is correct, or the attachment is safe. Scammers use this technique to trick you into:
- clicking a link that takes you to a fake website
- opening an attachment infected with malware that could infect your computer.
How to report a suspicious email
If you’re not sure whether an email is real or fake, you can report it through the ‘Report Message’ button in Outlook. You can also contact the University Shared Service Centre on 1800 SYD UNI (1800 793 864) or +61 2 8627 1444 (option 4 for ICT) or email ict.support@sydney.edu.au.