Phishing is a method used by criminals to collect information-such as passwords or personal information-by masquerading as a trusted source.

Phishing emails and websites often show several signs that they're not legitimate including:


Unexpected email

Many phishing attempts begin by sending emails claiming to be from a bank, government agency or even unspecified helpdesks. They may direct you to a website, or ask for information to be submitted through an enclosed form. Legitimate organisations, including ANU, will not ask for this information in an email.

Poor spelling or grammar

Phishing emails and websites often use poor spelling and grammar, or show other signs of poor presentation. Professional organisations ensure emails sent to users are mistake free.

Unusual "From" addresses

Phishing emails can often be from nonsensical addresses at unrelated organisations, or they may use generic sounding addresses like Some targeted emails may even forge addresses from the organisations they're trying to impersonate.

A sense of urgency

Phishing emails try to invoke a sense of urgency by claiming your account has been accessed by someone else, will be closed if you don't reply, or that you're owed money.

"Lookalike" domains

Phishing websites may use domains that look like the one they're trying to impersonate-for example or instead of They may use images copied or linked from the real site, and often copy the entire look of the genuine organisation.

Lack of security certificates

Real sites, especially those involving logins or personal details, will use SSL certificates and https: connections. Fake sites often won't, or will use certificates that don't match the real site.

What to do

The most important thing is not to reply or click on any supplied links or open any attachments. ANU email filters should block most phishing email attempts. However if you do receive a suspicious email please forward the email with attachment to the Service Desk titled 'Suspected Spam'. 

If you belive you've been scammed please change your password immediatly at Identity and call the Service Desk for assistance.

Any email claiming to be from ANU should be reported to ANU IT Security immediately.