Phishing

Phishing is a method used by criminals to collect information-such as passwords or personal information-by masquerading as a trusted source.

Phishing emails and websites often show several signs that they're not legitimate including:

Phishing

Unexpected email

Many phishing attempts begin by sending emails claiming to be from a bank, government agency or even unspecified helpdesks. They may direct you to a website, or ask for information to be submitted through an enclosed form. Legitimate organisations, including ANU, will not ask for this information in an email.

Poor spelling or grammar

Phishing emails and websites often use poor spelling and grammar, or show other signs of poor presentation. Professional organisations ensure emails sent to users are mistake free.

Unusual "From" addresses

Phishing emails can often be from nonsensical addresses at unrelated organisations, or they may use generic sounding addresses like email@support.com. Some targeted emails may even forge addresses from the organisations they're trying to impersonate.

A sense of urgency

Phishing emails try to invoke a sense of urgency by claiming your account has been accessed by someone else, will be closed if you don't reply, or that you're owed money.

"Lookalike" domains

Phishing websites may use domains that look like the one they're trying to impersonate-for example paypai.com or paypa1.com instead of paypal.com. They may use images copied or linked from the real site, and often copy the entire look of the genuine organisation.

Lack of security certificates

Real sites, especially those involving logins or personal details, will use SSL certificates and https: connections. Fake sites often won't, or will use certificates that don't match the real site.

What to do

The most important thing is not to reply or click on any supplied links or open any attachments. ANU email filters should block most phishing email attempts. However if you do receive a suspicious email, please report the email as phishing or SPAM through your Outlook.

If you believe you've been scammed or clicked on any links/attachments that you believe to be phishing, please:

  1. report to ANU IT Security
  2. change your password immediately at Identity (call the Service Desk for assistance)

Any email claiming to be from ANU should be reported to ANU IT Security immediately.