Phishing is a method used by criminals to collect information-such as passwords or personal information-by masquerading as a trusted source.
Phishing emails and websites often show several signs that they're not legitimate including:
Many phishing attempts begin by sending emails claiming to be from a bank, government agency or even unspecified helpdesks. They may direct you to a website, or ask for information to be submitted through an enclosed form. Legitimate organisations, including ANU, will not ask for this information in an email.
Poor spelling or grammar
Phishing emails and websites often use poor spelling and grammar, or show other signs of poor presentation. Professional organisations ensure emails sent to users are mistake free.
Unusual "From" addresses
Phishing emails can often be from nonsensical addresses at unrelated organisations, or they may use generic sounding addresses like firstname.lastname@example.org. Some targeted emails may even forge addresses from the organisations they're trying to impersonate.
A sense of urgency
Phishing emails try to invoke a sense of urgency by claiming your account has been accessed by someone else, will be closed if you don't reply, or that you're owed money.
Phishing websites may use domains that look like the one they're trying to impersonate-for example paypai.com or paypa1.com instead of paypal.com. They may use images copied or linked from the real site, and often copy the entire look of the genuine organisation.
Lack of security certificates
Real sites, especially those involving logins or personal details, will use SSL certificates and https: connections. Fake sites often won't, or will use certificates that don't match the real site.
What to do
The most important thing is not to reply or click on any supplied links or open any attachments. ANU email filters should block most phishing email attempts. However if you do receive a suspicious email please forward the email with attachment to the Service Desk titled 'Suspected Spam'.
If you belive you've been scammed please change your password immediatly at Identity and call the Service Desk for assistance.
Any email claiming to be from ANU should be reported to ANU IT Security immediately.