
Beware of scam or 'phishing' emails

Fake university-targeted emails

Students and staff should be aware that targeted scam emails are sent to university email addresses from time to time. These emails usually purport to come from a university help desk or email administration team. They are not specific to UNSW: the same emails are sent to Australian and international universities, with the university name changed to match whichever university is being targeted.

Why are these emails being sent?

These emails are what are called ‘phishing’ emails. Phishing emails are intended to lure recipients into giving away sensitive information, such as account usernames and passwords, date of birth and even banking login and account details.

The scammers then use this information for their own gain or to scam other users. Captured details can be used to:

  • Send further phishing emails from the compromised email account
  • Harvest email addresses from the compromised account for further phishing attacks
  • Search the compromised mailbox for data such as bank and credit card details
  • Access enterprise applications and data with the captured login details
  • Sell the captured information to other scammers for possible future identity theft

How do I recognise a fake university-targeted email?

Some phishing emails look quite generic and hardly mention UNSW, while more sophisticated recent versions mention UNSW, zPass and the IT Service Centre by name. The biggest giveaway is a link to an external website or a form-hosting site such as Google Docs. Others include an attachment to be filled in and returned.

Giveaway details that it’s a fake email:

1. Contains a link to a website, or an attachment

  • Contains a link to a web site requesting account information
  • Contains an attachment requesting account information

2. The website or attachment asks for username and password

  • The website accessed via the email link asks for sensitive information such as your username, password (even zPass) and, in some cases, your date of birth and full name

UNSW IT or IT Service Centre emails will NEVER contain a URL, link or attachment

We will NEVER ask for account information such as usernames and passwords, date of birth etc via a link in an email, or email attachment

UNSW IT broadcast emails regarding email products and password expiry notices do not contain links or attachments. For more on this topic view 'How do I recognise a genuine UNSW IT email?'.

Other signs it's a fake:

Generic product and/or signature

  • No mention of a specific UNSW product, e.g. ‘UNSW Webmail’ is not a UNSW email product name
  • Generic signature, e.g. ‘Technical Support Team’, ‘IT Service’, ‘Help Desk Team’ or ‘Webmail Support Team’ (NOTE: some scam emails are now using an ‘IT Service Centre’ signature)
  • No UNSW phone number in the signature (UNSW numbers begin with 9385)

Urgency - ‘act now’ or other provocative messages

  • "Your email account is over quota"
  • "We've lost your account details"
  • "Verify your account now"
  • "If you do not provide account details we will block your account"

These messages often contain urgency and a threat - "supply account details or you'll lose access to your email account".

Offer of an upgrade or complimentary service - but only if you provide your account details

  • "We are upgrading our mail service"
  • "We are upgrading our database"
  • "We are offering improved anti-spam or anti-phishing services"
  • "If you do not provide account details will not updated your account"

No mention of UNSW brands, names or products

  • Genuine UNSW IT emails name UNSW-specific products such as zMail; ‘UNSW Webmail’ is not a UNSW product name

Miscellaneous

  • Has poor grammar and spelling mistakes

What should I do with these emails?

Once you recognise or suspect an email to be a fake, don’t click on any of its links - just delete it. UNSW will NEVER suspend an email account or other service because you ignored a single email, so there is no risk in deleting it. If you are ever unsure, contact the IT Service Centre.

How do I report a phishing, or scam email?

If you recognise or suspect an email of being a phishing email, forward the email to the IT Service Centre.

What if I clicked a link and entered my username and password?

If you replied to the email or clicked a link and entered your UNSW username and password, you need to change your password immediately. You can do this by going to the UNSW Identity Manager web site, or phoning the IT Service Centre on 9385 1333.

IMPORTANT - if you use the same password for other logins such as Online Banking, you should change those passwords as well via their web sites, as an extra precaution.

How do I recognise a genuine UNSW IT email?

From time to time UNSW IT will send out emails to UNSW staff and students. These emails will always contain ALL of the following:

  • A signature containing ‘IT Service Centre’, ‘Service Management Office’ or ‘UNSW IT’
  • A contact phone number for the IT Service Centre - 9385 1333
  • Mention of specific UNSW products such as Identity Manager (IDM), zMail, zPass or z number

UNSW IT will NEVER send the following in university-wide broadcast emails:

  • Links to web sites, even our own web sites
  • Attachments or forms to be filled in
  • Requests to provide passwords or provide other personal information
  • Requests that users ‘verify’ their accounts
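The two checklists on this page (the giveaway signs of a fake email, and the features every genuine UNSW IT broadcast has and never has) can be turned into a simple mailbox triage script. The following is an added example, not UNSW's own mail filtering and not code from this page: it scores a raw email against each indicator the page lists and applies the page's rules. The sample messages and sender addresses are constructed, and the 'two soft signs' threshold, the credential-request phrasing and the handling of HTML links are assumptions made for illustration.

```python
# Added example, not UNSW's own mail filtering: scores a raw email against the indicators
# this page lists. Sample messages, addresses and the 'two soft signs' threshold are constructed.
import re
from email import message_from_string

URL_RE = re.compile(r"\b(?:https?://|www\.)\S+", re.I)
UNSW_PHONE_RE = re.compile(r"\b9385\s?\d{4}\b")  # UNSW numbers begin with 9385
GENUINE_SIGNATURE_RE = re.compile(r"it service\s+centre|service management office|unsw it", re.I)
GENERIC_SIGNATURE_RE = re.compile(
    r"technical support team|\bit service\b(?!\s+centre)|help desk team|webmail support team", re.I)
URGENCY_RE = re.compile(r"over quota|lost your account details|verify your account|block your account", re.I)
UPGRADE_RE = re.compile(r"upgrading our (?:mail|database)|anti-spam|anti-phishing", re.I)
# A request for credentials, as opposed to a notice that merely mentions the word 'password'
CREDENTIAL_REQUEST_RE = re.compile(r"\b(?:enter|provide|supply|confirm|send|submit|reply with)\b"
                                   r"[^.\n]{0,60}?\b(?:username|password|zpass|date of birth)\b", re.I)
PRODUCT_RE = re.compile(r"\bzmail\b|\bzpass\b|identity\s+manager|\bidm\b|\bz number\b", re.I)


def text_of(msg):
    """Subject plus decoded text parts; hrefs are kept since 'click here' hides the real URL."""
    chunks = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_maintype() != "text" or part.get_content_disposition() == "attachment":
            continue
        raw = part.get_payload(decode=True) or b""
        text = raw.decode(part.get_content_charset() or "utf-8", errors="replace")
        if part.get_content_subtype() == "html":
            text = re.sub(r'<a\s[^>]*href="([^"]+)"[^>]*>', r" \1 ", text, flags=re.I)
            text = re.sub(r"<[^>]+>", " ", text)
        chunks.append(text)
    return "\n".join(chunks)


def indicators(raw):
    """One boolean per indicator from the page, for one raw RFC 822 message."""
    msg = message_from_string(raw)
    text = text_of(msg)
    return {
        "has_link": bool(URL_RE.search(text)),
        "has_attachment": any(p.get_content_disposition() == "attachment" for p in msg.walk()),
        "asks_for_credentials": bool(CREDENTIAL_REQUEST_RE.search(text)),
        "generic_signature": bool(GENERIC_SIGNATURE_RE.search(text)),
        "no_unsw_phone": not UNSW_PHONE_RE.search(text),
        "urgency": bool(URGENCY_RE.search(text)),
        "upgrade_offer": bool(UPGRADE_RE.search(text)),
        "no_unsw_product": not PRODUCT_RE.search(text),
    }


def verdict(raw):
    """A link, attachment or credential request alone is decisive; otherwise two soft signs."""
    ind = indicators(raw)
    if ind["has_link"] or ind["has_attachment"] or ind["asks_for_credentials"]:
        return "phishing"
    soft = ("generic_signature", "no_unsw_phone", "urgency", "upgrade_offer", "no_unsw_product")
    return "suspicious" if sum(ind[k] for k in soft) >= 2 else "no indicators"


def looks_genuine_unsw_it(raw):
    """Page checklist for a genuine UNSW IT broadcast: ALL of signature, 9385 1333 and a named
    product; NONE of link, attachment, credential request or 'verify your account'."""
    ind = indicators(raw)
    text = text_of(message_from_string(raw))
    must_have = (GENUINE_SIGNATURE_RE.search(text), "9385 1333" in text, PRODUCT_RE.search(text))
    must_not = (ind["has_link"], ind["has_attachment"], ind["asks_for_credentials"],
                "verify your account" in text.lower())
    return all(must_have) and not any(must_not)

# Constructed samples (not real mail). The scam copies the 'IT Service Centre' signature the
# page warns about, but still carries a link, an attachment and a request for credentials.
PHISHING_SAMPLE = """\
From: IT Service Centre <support@webmail-upgrade.example.net>
Subject: UNSW Webmail: verify your account now
Content-Type: multipart/mixed; boundary="sample-boundary"

--sample-boundary
Content-Type: text/html; charset="utf-8"

<p>Your UNSW Webmail account is over quota. We are upgrading our mail service:
click <a href="http://webmail-upgrade.example.net/login">here</a> and enter your username,
password and date of birth within 24 hours, or we will block your account.</p>
<p>IT Service Centre</p>
--sample-boundary
Content-Type: application/pdf
Content-Disposition: attachment; filename="account_form.pdf"

%PDF-1.4
--sample-boundary--
"""

GENUINE_SAMPLE = """\
From: IT Service Centre <itservicecentre@unsw.edu.au>
Subject: zPass expiry notice

Your zPass password will expire in 14 days. To change it, log in to Identity
Manager (IDM) from the UNSW IT pages, or phone the IT Service Centre on 9385 1333.

IT Service Centre, UNSW IT
"""
```

Call `verdict(raw)` or `looks_genuine_unsw_it(raw)` with a message as exported from a mailbox. The scam sample is signed 'IT Service Centre', as the page notes some now are, and is still classed as phishing because it carries a link, an attachment and a request for credentials, none of which a genuine UNSW IT broadcast contains; the genuine sample mentions the word 'password' in a zPass expiry notice but never asks for it, so the credential check looks for a request rather than the bare word.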

For further information on any of the above issues, contact the IT Service Centre.