Being Safe in Email

The University receives a huge number of emails every day. Unfortunately, some of these emails are malicious and can cause harm to you and the University.

A “phishing” scam is a fraudulent email used by scammers to solicit personal information such as your password or banking details. Phishing scams will masquerade as a legitimate business (such as the University) so they appear more convincing. Scammers also regularly seek to capitalise on topical issues to trap people into responding.

Did you know?
Approximately 60% of all emails* received by the University are discarded at the gateway as spam, phishing or other unwanted email. The percentage of spam has even reached as high as 91 percent!

*statistic taken from June 2020

Important notice

Scam emails can be quite sophisticated, and may impersonate University staff members.

How the scam works

  • The scammer looks up the Staff Directory to identify a staff member of high standing (e.g., Vice Chancellor, Head of School)
  • They create a fake Gmail email account in the staff member's name (e.g., dr.john.smith1532@gmail.com)
  • They send a short message which begins with something like "Are you available?" or “I am in a meeting now and cannot call you. Can you do something for me?”
  • When the victim responds, the attacker proceeds to instruct the victim to either (a) buy iTunes gift cards and send pictures of the redeem codes or (b) transfer money via MoneyGram.

How to detect and prevent these scams

  • Please examine the sender name and address carefully. If it does not come from an @adelaide.edu.au email, do not trust the email.
  • If in doubt call the person directly, or start a new email instead of hitting [Reply].
  • Your Line Manager or Head of School will never ask you to buy iTunes gift cards or transfer money urgently.
  • Please do not respond to suspicious emails. Report the email to bad@mailguard.adelaide.edu.au, or contact the Service Desk if you are in doubt.

ITDS are seeing phishing emails which can be identified by a fake email address and a benign subject message to hook victims

 

Tips to help you recognise a phishing scam

    Expand

  • Does the sender address look suspicious?

    Emails sent from University staff members or students always end in adelaide.edu.au. Apply caution whenever you receive an email from someone outside of the University. Scam emails often contain links and files that can harm your computer and steal your personal information.

    Scammers sometimes use hacked University email addresses to send phishing or spam emails. Avoid clicking on suspicious links in email, even from people you know.

    Example of a phishing email with a suspicious email address:

    A phishing email can be identified by the sender's email address. Does it look suspicious?

  • Does the email address you personally?

    Scammers often distribute their spam and phishing emails to a large number of recipients for maximum effect. Email sent from legitimate businesses such as the University or your bank will be addressed to you individually.

    Example of an impersonal phishing email:

    Does the email address you personally? Apply caution if the email addresses a generic recipient such as Dear Sir/Madam, or Dear Customer

  • Are you being asked to send personal information?

    Email is not a safe way to send personal information. Legitimate businesses such as the University or your bank will never request personal information such as your password or credit card number in an email message.

    Personal information should only be supplied over the telephone or on a secure website that you trust. A secure connection prevents eavesdroppers from viewing your traffic as it travels across the internet. Every time you submit personal information such as your password or banking details, you should check to make sure the web address beings with https://. All University webpages that ask for personal information will provide a secure connection.

    Example of a phishing email requesting personal information:

    The University will never ask you to provide personal information over email

  • Does the email provide contact details?

    Scammers often don’t supply contact details in fear of reprisal. Any email from a legitimate business such as the University or your bank will give a telephone number and postal address.

    It never hurts to make sure a suspect email is authentic by telephoning the sender before replying or opening any attachments or links.

    Example of a phishing email with not contact details:

    Scammers often don't supply contact details in fear of reprisal

Scammers rely on people replying to their scam attempts - it keeps them in business! If no one ever responded, scammers would cease to send out scams.

Did you know? Adobe Reader and Microsoft Word are popular formats for transporting viruses and other malicious software.

Tips to help you thwart scam emails

    Expand

  • Stop and think before you click

    Avoid clicking on suspicious links in emails. Scammers often add links to phishing and scam emails in an attempt to trick you into visiting a malicious webpage. Once there, you may be asked to enter your password, or a virus may be (surreptitiously) downloaded onto your computer.

    Scammers can also attach infected files to their emails in an attempt to infect your machine.

    Here are some basic tips to help you avoid visiting a malicious website:

    • Hover your mouse over the link and check the "target" address
    • Avoid clicking on email links - copy and paste the link into your web browser
    • Never open a file you are not expecting. If in doubt, call the sender to make sure it was intended.
    • Check to make sure links and attachments are clean by submitting them to VirusTotal
    • If you have clicked on a link within an email purporting to be from the University, make sure the website's domain name  ends in adelaide.edu.au

  • Never share private information such as your password

    Your University password is your online key into the University. Just like your house key it should be carefully guarded. The University of Adelaide will never ask you for your password – even over the telephone.

  • Never respond to phishing or spam emails

    By responding to phishing or spam emails you let scammers know that their scam was delivered successfully. Scammers now know your email address is valid and exploit this by sending you more scams.

    Never respond to phishing or spam emails. Report any suspicious emails using the reporting suspicious emails advice.

Around 95% of phishing and spam emails are blocked before they get a chance to enter our network.

To report a suspicious email

Using the Report Message button in Outlook

Report message button in outlook
 
If you use Outlook on a standard University Windows computer, you now have a handy phishing reporting button called "Report Message". Using the Report Message button is easy!
 
  1. Select the suspicious email to report in Outlook
  2. Click "Report Message" in the Outlook ribbon
  3. Click "Phishing"
  4. On the next screen click "Report"
  5. The email will now be reported and moved to your Junk!

While the cybersecurity team will investigate each reported email, you will not get a confirmation of whether the reported email was truly malicious. If you are uncertain if an email is malicious or legitimate, please contact the ITDS Service Desk on +61 8 8313 3000 for assistance.

To add an email as an attachment, please see the appropriate guide below

    Expand
  • Office 365
    1. Select the email message you wish to submit by clicking on it
    2. With the chosen email selected in the left column, select 'New' in the top left to compose a new email on the right
    3. When the 'new' email box appears, drag and drop the scam email from the left column into the new email on the right
    4. Address the e-mail to bad@mailguard.adelaide.edu.au and click Send
  • Microsoft Outlook 2016
    1. Select the email message you wish to submit
    2. From the Home tab select the More button
    3. Select Forward as Attachment
    4. Address the e-mail to bad@mailguard.adelaide.edu.au and click Send
  • Apple Mail
    1. Select the e-mail message that you wish to submit.
    2. Using your mouse, right click (or Control + left click) on the e-mail message and select ‘Forward as Attachment’.
    3. Address the e-mail to bad@mailguard.adelaide.edu.au and click ‘Send’.
  • Mozilla Thunderbird
    1. Select the e-mail message you wish to submit.
    2. From the ‘Message’ menu, select ‘Forward As’ and then ‘Attachment’.
    3. Address the e-mail to bad@mailguard.adelaide.edu.au and click ‘Send’.
  • Google Gmail
    1. Open the e-mail message you wish to submit.
    2. From the ‘Reply’ drop down menu, select ‘Show original’.
      • You should see your e-mail message appear in plain-text format.
    3. From the ‘File’ menu in your web browser, select ‘Save As...’.
    4. In the ‘Save Webpage’ dialog, provide a file name for the e-mail message and Save as type ‘Text File (*.txt)’.
    5. Navigate to where you would like to store the e-mail message and then click the ‘Save’ button.
    6. From your inbox, select ‘Compose Mail’ and then ‘Attach a file’.
    7. Navigate to where you saved your e-mail message and click ‘Open’.
    8. Address the e-mail to bad@mailguard.adelaide.edu.au and click ‘Send’.