Email scams and phishing

The University receives more than two million emails every day. More than 95 per cent of these are malicious and do not get delivered as they can cause harm.

Use the following guides to learn how to protect yourself and the University from unwanted email scams.

What are email scams and phishing?

A scam email is an unsolicited email that claims the prospect of a bargain or something for nothing. Some scam emails ask for your business, others may invite you to a website with a detailed pitch. Email scams are designed to steal sensitive personal information and many victims have even lost life savings due to this type of fraud. Email scam is a form of email fraud.

A "phishing" scam is a fraudulent email used by scammers to solicit personal information such as your password or banking details. Phishing scams will masquerade as a legitimate business (such as the University) so they appear more convincing.

Scam emails often contain links and files that can harm your computer and steal your personal information. Avoid clicking on suspicious links or opening suspicious attachments in emails, even from people you know. Also remember that University IT will never ask you for you to provide or confirm your password via email. 

Find out more information and see some examples of phishing messages.

What does Uni IT do?

University IT manages systems that are designed to identify and stop malicious emails before they enter the University network and ultimately end up in your inbox. While measures are taken to filter out the bad from the good, no filtering system can catch everything.

Learn more about how UWA is controlling SPAM

Follow the guidance on this page and always be cautious when opening email attachments or clicking on links.

How you can identify phishing emails

Here are four simple tips and some real samples that will help you recognise a phishing scam.

Does the sender address look suspicious?

Emails sent from University staff, students or systems will always end in uwa.edu.au. Apply caution whenever you receive an email from someone outside of the University that is asking you to validate, confirm or update any personal details.

Scammers can also spoof the displayed sender information in an email, so if there is any doubt or you are not able to validate the sender, do not respond.

Does the email address you personally?

Scammers often distribute their spam and phishing emails to a large number of recipients for maximum effect. Email sent from legitimate businesses such as the University or your bank will be addressed to you individually.

Be cautious of any emails that are not specifically addressed to you and ask you to validate or provide any personal information.

Are you being asked to send personal information?

Email is not a safe way to send personal information. Legitimate businesses will never request personal information such as your password or credit card number in an email.

If you are asked to provide personal information, such as account passwords, by responding to an email or by clicking on a web link in an email be cautious and think before you click!

Does the email provide valid contact details?

Scammers often don't supply contact details in fear of reprisal. Any email from a legitimate business such as the University or your bank will give a telephone number and postal address. It never hurts to make sure a suspect email is authentic by telephoning the sender before replying or opening any attachments or links.

How to report email scams and phishing

Owing to the high volume and continually evolving types of scam and phishing emails, it's possible that from time to time you may see one of these types of emails in your inbox.

If you believe an email looks suspicious, report it using the ‘Report Phish’ button within the Outlook menu bar. If you do not see this button in Outlook, forward it as an attachment to the University IT Service Desk with the subject line 'Email SPAM Report'.