Email scams and phishing

The University receives more than two million emails every day. More than 95 per cent of these are malicious and do not get delivered as they can cause harm.

Use the following guides to learn how to protect yourself and the University from unwanted email scams.

What are email scams and phishing?

A scam email is an unsolicited email that claims the prospect of a bargain or something for nothing. Some scam emails ask for your business, others may invite you to a website with a detailed pitch. Email scams are designed to steal sensitive personal information and many victims have even lost life savings due to this type of fraud. Email scam is a form of email fraud.

A "phishing" scam is a fraudulent email used by scammers to solicit personal information such as your password or banking details. Phishing scams will masquerade as a legitimate business (such as the University) so they appear more convincing.

Scam emails often contain links and files that can harm your computer and steal your personal information. Avoid clicking on suspicious links or opening suspicious attachments in emails, even from people you know. Also remember that University IT will never ask you for you to provide or confirm your password via email.

Find out more information and see some examples of phishing messages.

What does Uni IT do?

University IT manages systems that are designed to identify and stop malicious emails before they enter the University network and ultimately end up in your inbox. While measures are taken to filter out the bad from the good, no filtering system can catch everything.

Follow the guidance on this page and always be cautious when opening email attachments or clicking on links.

How you can identify phishing emails?

Here are four simple tips and some real samples that will help you recognise a phishing scam.

Does the sender address look suspicious?

Emails sent from University staff, students or systems will always end in uwa.edu.au. Apply caution whenever you receive an email from someone outside of the University that is asking you to validate, confirm or update any personal details.

Scammers can also spoof the displayed sender information in an email, so if there is any doubt or you are not able to validate the sender, do not respond.

Does the email address you personally?

Scammers often distribute their spam and phishing emails to a large number of recipients for maximum effect. Email sent from legitimate businesses such as the University or your bank will be addressed to you individually.

Be cautious of any emails that are not specifically addressed to you and ask you to validate or provide any personal information.

Are you being asked to send personal information?

Email is not a safe way to send personal information. Legitimate businesses will never request personal information such as your password or credit card number in an email.

If you are asked to provide personal information, such as account passwords, by responding to an email or by clicking on a web link in an email be cautious and think before you click!

Does the email provide valid contact details?

Scammers often don't supply contact details in fear of reprisal. Any email from a legitimate business such as the University or your bank will give a telephone number and postal address. It never hurts to make sure a suspect email is authentic by telephoning the sender before replying or opening any attachments or links.

How to report email scams and phishing?

Owing to the high volume and continually evolving types of scam and phishing emails, it's possible that from time to time you may see one of these types of emails in your inbox.

If you believe an email looks suspicious, please report it using the ‘Report Message’ button within your Outlook menu bar. This will help train our systems and protect others from same threats.

From the Report Message dropdown, select how you wish reporting to be handled.

Junk

Junk should be selected for spam emails. Once selected, the email will be moved from your Inbox to your Junk Email folder and the spam filters will be updated to categorise any such future emails as Junk.

Phishing

Phishing should be selected for emails that look like phishing. Once selected, a copy of your message may be sent to Microsoft to help update our detection filters and the email will be moved from your Inbox to your Junk Email folder.

Not Junk

Not Junk should be selected if you receive a legitimate email from and known sender that is mistakenly marked as Junk. Once selected, this will move the message from the Junk Email folder to your Inbox.

Options

Options will allow you to choose whether emails are automatically sent to Microsoft when they’re reported as junk or phishing attempts. In order to help improve the efficiency of Junk and Phishing detected it is recommended that a copy of messages is sent to Microsoft.

If you do not see the Report Message button in your Outlook, forward it as an attachment to the University IT Service Desk with the subject line ‘Email SPAM Report’.

Quarantine email digest and portal

The Quarantine portal is an email security feature to further protect your UWA email and allow you to control unwanted spam, phishing and unsafe attachments. You will receive a Quarantine email digest from Microsoft every three days if there are emails held in your Quarantine.

The Quarantine portal page allows you to review/preview emails, block a sender or release legitimate emails that have been flagged as spam. Please note that malicious messages containing known viruses or malware will be automatically blocked and, in some instances, you may not be able to release such messages. If you require further assistance, please contact the IT Service Desk.