Students and staff should be aware that from time to time targeted scam emails are sent to university email addresses. These emails usually purport to be from a university help desk or email administration team. These scam emails are not restricted to UNSW. They are sent to Australian and international universities, with the university name changed to match the university being targeted.
- Why are these emails being sent?
- How do I recognise a fake university-targeted email?
- What should I do with these emails?
- How do I report a phishing or scam email?
- What if I clicked a link and entered my username and password?
- How do I recognise a genuine UNSW IT email?
Why are these emails being sent?
These emails are known as ‘phishing’ emails. Phishing emails are intended to lure recipients into giving away sensitive information, such as account usernames and passwords, date of birth and even banking login and account details. The scammers then use this information to gain personal advantage or to scam other users. Some ways personal details can be used are:
- Using a compromised email account to send further phishing emails
- Gathering email addresses from the user's email account for further phishing attacks
- Searching compromised email accounts for data such as bank and credit card details
- Using captured login details to access enterprise applications and data
- Selling captured information to other scammers for possible future identity theft
How do I recognise a fake university-targeted email?
Giveaway details that it’s a fake email:
1. Contains a link to a website, or an attachment
- Contains a link to a web site requesting account information
- Contains an attachment requesting account information
2. The website or attachment asks for username and password
- The website accessed via the email link asks for sensitive information such as your username, password (even zPass) and, in some cases, your date of birth and full name
UNSW IT or IT Service Centre emails will NEVER contain a URL, link or attachment.
We will NEVER ask for account information such as usernames and passwords, date of birth, etc. via a link in an email, or email attachment.
UNSW IT broadcast emails regarding email products and password expiry notices do not contain links or attachments. For more on this topic view 'How do I recognise a genuine UNSW IT email?'.
Other signs it's a fake:
Generic product and/or signature
- No mention of a specific UNSW product (note that ‘UNSW Webmail’ is not a UNSW email product name)
- Generic signature, e.g. ‘Technical Support Team’, ‘IT Service’, ‘Help Desk Team’ or ‘Webmail Support Team’ (NOTE: some scam emails are now using ‘IT Service Centre’ signatures)
- No UNSW phone number in the signature (i.e. phone numbers beginning with 9385)
Urgency - ‘act now’ or other provocative messages
- "Your email account is over quota"
- "We've lost your account details"
- "Verify your account now"
- "If you do not provide account details we will block your account"
These messages often contain urgency and a threat - "supply account details or you'll lose access to your email account".
Offer of upgrade or complimentary service - but only if you provide your account details
- "We are upgrading our mail service"
- "We are upgrading our database"
- "We are offering improved anti-spam or anti-phishing services"
- "If you do not provide account details will not updated your account"
No mention of UNSW brands, names or products
- No UNSW-specific brand names such as zMail. ‘UNSW Webmail’ is not a product name
- Has poor grammar and spelling mistakes
What if I clicked a link and entered my username and password?
If you replied to the email or clicked a link and entered your UNSW username and password, you need to change your password immediately. You can do this by going to the UNSW Identity Manager web site, or phoning the IT Service Centre on 9385 1333.
IMPORTANT - if you use the same password for other logins such as Online Banking, you should change those passwords as well via their web sites, as an extra precaution.
How do I recognise a genuine UNSW IT email?
- A signature containing ‘IT Service Centre’, ‘Service Management Office’ or ‘UNSW IT’
- A contact phone number for the IT Service Centre - 9385 1333
- Mention of specific UNSW products such as Identity Manager (IDM), zMail, zPass or z number
UNSW IT will NEVER send the following in university-wide broadcast emails:
- Links to web sites, even our own web sites
- Attachments or forms to be filled in
- Requests to provide passwords or provide other personal information
- Requests that users ‘verify’ their accounts
For further information on any of the above issues, contact the IT Service Centre.