Being Safe in Email
The University receives in excess of 2 million emails every day. Unfortunately, some of these emails are malicious and can cause harm to you and the University.
A “phishing” scam is a fraudulent email used by scammers to solicit personal information such as your password or banking details. Phishing scams will masquerade as a legitimate business (such as the University) so they appear more convincing.
Did you know? A whopping 91% of all emails received by the University are spam!
(Updated September 2018)
Information Technology and Digital Services (ITDS) is seeing an alarming number of reported scam emails that impersonate University staff members.
How the scam works
- The scammer looks up the Staff Directory to identify a staff member of high standing (e.g., Vice Chancellor, Head of School)
- They create a fake Gmail email account in the staff member's name (e.g., firstname.lastname@example.org)
- They send a short message which begins with something like "Are you available?" or “I am in a meeting now and cannot call you. Can you do something for me?”
- When the victim responds, the attacker proceeds to instruct the victim to either (a) buy iTunes gift cards and send pictures of the redeem codes or (b) transfer money via MoneyGram.
How to detect and prevent these scams
- Please examine the sender name and address carefully. If it does not come from an @adelaide.edu.au email, do not trust the email.
- If in doubt call the person directly, or start a new email instead of hitting [Reply].
- Your Line Manager or Head of School will never ask you to buy iTunes gift cards or transfer money urgently.
- Please do not respond to suspicious emails. Report the email to email@example.com, or contact the Service Desk if you are in doubt.
Tips to help you recognise a phishing scam
Does the sender address look suspicious?
Emails sent from University staff members or students always end in adelaide.edu.au. Apply caution whenever you receive an email from someone outside of the University. Scam emails often contain links and files that can harm your computer and steal your personal information.
Scammers sometimes use hacked University email addresses to send phishing or spam emails. Avoid clicking on suspicious links in email, even from people you know.
Example of a phishing email with a suspicious email address:
Does the email address you personally?
Scammers often distribute their spam and phishing emails to a large number of recipients for maximum effect. Email sent from legitimate businesses such as the University or your bank will be addressed to you individually.
Example of an impersonal phishing email:
Are you being asked to send personal information?
Email is not a safe way to send personal information. Legitimate businesses such as the University or your bank will never request personal information such as your password or credit card number in an email message.
Personal information should only be supplied over the telephone or on a secure website that you trust. A secure connection prevents eavesdroppers from viewing your traffic as it travels across the internet. Every time you submit personal information such as your password or banking details, you should check to make sure the web address beings with https://. All University webpages that ask for personal information will provide a secure connection.
Example of a phishing email requesting personal information:
Does the email provide contact details?
Scammers often don’t supply contact details in fear of reprisal. Any email from a legitimate business such as the University or your bank will give a telephone number and postal address.
It never hurts to make sure a suspect email is authentic by telephoning the sender before replying or opening any attachments or links.
Example of a phishing email with not contact details:
Scammers rely on people replying to their scam attempts - it keeps them in business! If no one ever responded, scammers would cease to send out scams.
Did you know? Adobe Reader and Microsoft Word are popular formats for transporting viruses and other malicious software.
Tips to help you thwart scam emails
Stop and think before you click
Avoid clicking on suspicious links in emails. Scammers often add links to phishing and scam emails in an attempt to trick you into visiting a malicious webpage. Once there, you may be asked to enter your password, or a virus may be (surreptitiously) downloaded onto your computer.
Scammers can also attach infected files to their emails in an attempt to infect your machine.
Here are some basic tips to help you avoid visiting a malicious website:
- Hover your mouse over the link and check the "target" address
- Avoid clicking on email links - copy and paste the link into your web browser
- Never open a file you are not expecting. If in doubt, call the sender to make sure it was intended.
- Check to make sure links and attachments are clean by submitting them to VirusTotal
- If you have clicked on a link within an email purporting to be from the University, make sure the website's domain name ends in adelaide.edu.au
Never share private information such as your password
Never respond to phishing or spam emails
Around 95% of phishing and spam emails are blocked before they get a chance to enter our network.
To report a suspicious email
- use the PhishAlarm reporting button on your University Windows computer, or
- forward the email as an attachment to firstname.lastname@example.org
Using the Report Message button in Outlook
- Select the suspicious email to report in Outlook
- Click "Report Message" in the Outlook ribbon
- Click "Phishing"
- On the next screen click "Report"
- The email will now be reported and moved to your Junk!
While the cybersecurity team will investigate each reported email, you will not get a confirmation of whether the reported email was truly malicious. If you are uncertain if an email is malicious or legitimate, please contact the ITDS Service Desk on +61 8 8313 3000 for assistance.
To add an email as an attachment, please see the appropriate guide below
- Select the email message you wish to submit by clicking on it
- With the chosen email selected in the left column, select 'New' in the top left to compose a new email on the right
- When the 'new' email box appears, drag and drop the scam email from the left column into the new email on the right
- Address the e-mail to email@example.com and click Send
Microsoft Outlook 2016
- Select the e-mail message that you wish to submit.
- Using your mouse, right click (or Control + left click) on the e-mail message and select ‘Forward as Attachment’.
- Address the e-mail to firstname.lastname@example.org and click ‘Send’.
- Open the e-mail message you wish to submit.
- From the ‘Reply’ drop down menu, select ‘Show original’.
- You should see your e-mail message appear in plain-text format.
- From the ‘File’ menu in your web browser, select ‘Save As...’.
- In the ‘Save Webpage’ dialog, provide a file name for the e-mail message and Save as type ‘Text File (*.txt)’.
- Navigate to where you would like to store the e-mail message and then click the ‘Save’ button.
- From your inbox, select ‘Compose Mail’ and then ‘Attach a file’.
- Navigate to where you saved your e-mail message and click ‘Open’.
- Address the e-mail to email@example.com and click ‘Send’.