How to protect your private information from phishing emails
17 October 2011
There have been occasions when hackers have sent fraudulent emails asking University staff and students to "reset" their UniKey accounts or "re-validate" their email mailbox by clicking a link to an unauthorised website. These emails are generally known as 'phishing attacks' because they 'fish' for private information such as your user ID, password or banking details.
Phishing attacks are becoming more sophisticated so that the differences between an authorised and hoax email are subtle, making them more difficult to identify. To protect yourself from account compromises or identity theft, you should learn to recognise phishing emails.
Phishing emails often contain:
- An alarming tone and threats of account closure
- Bad grammar and misspellings
- Websites with an unusual web address or one similar to an official web address (e.g. "h ttp:/ /syd.ney.com.au/validate" - note the full stop in the middle of the word 'sydney')
- Signatures or sender email addresses that resemble a University account
- Disguised web addresses: in more sophisticated attacks, the text in the email might say 'http:/ /sydney.edu.au/email' but the link actually takes you to a different, external site. Sometimes these sites even copy elements of the University website to look official.
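The following Python example is added here and is not part of the original advisory. It checks the links in an HTML email body for the two address tricks listed above: a link whose visible text names one host while its target is another, and a host that imitates the official name with extra dots. The `TRUSTED` and `BRAND` values, the function names and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# assumptions: the official domain, and the label a lookalike host imitates
TRUSTED, BRAND = "sydney.edu.au", "sydney"

def host_of(text):  # hostname if text looks like a URL or bare host, else None
    text = text.strip().rstrip(".")
    if not text or " " in text or "." not in text:
        return None
    try:
        url = text if "://" in text else "http://" + text
        return (urlsplit(url).hostname or "").lower() or None
    except ValueError:  # malformed host, e.g. an unclosed "[" bracket
        return None

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":  # start collecting the visible text of this link
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)  # reset at each <a>, so only link text is judged
    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        target, shown = host_of(self.href), host_of("".join(self.text))
        trusted = target == TRUSTED or (target or "").endswith("." + TRUSTED)
        if target and shown and shown != target:  # shown host is not the real one
            self.findings.append(("text-href-mismatch", shown, target))
        if target and not trusted and BRAND in target.replace(".", ""):
            self.findings.append(("lookalike-host", target, TRUSTED))
        self.href = None

def audit(html_body):
    parser = LinkAuditor()
    parser.feed(html_body)
    parser.close()
    return parser.findings

SAMPLE = (  # constructed email body using the addresses quoted in this advisory
    '<p>Re-validate at <a href="http://qu3hb.9hz.com">http://sydney.edu.au/email</a></p>'
    '<p><a href="http://syd.ney.com.au/validate">Reset your UniKey</a></p>'
    '<p><a href="http://sydney.edu.au/email">sydney.edu.au/email</a></p>'
)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The first two links in the sample are flagged and the third, which really points to the official domain, is not.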
Below is an example of a recent phishing email:
"Your mailbox has exceeded the storage limit which is 20GB as set by your administrator, you are currently running on 20.9GB, you may not be able to send or receive new mail until you re-validate your mailbox. To re-validate your mailbox please click the link http:/ /qu3hb.9hz.com"
Do not respond to these emails and do not visit websites with an unusual or unfamiliar web address as they are normally designed to infect your computer with malicious software or trick you into providing private information such as logins, passwords and personal details.
Please be aware that the University would never ask you to provide private information by responding directly to an email. If we require your details or need you to confirm the validity of your UniKey account, we will ask you to contact the ICT Helpdesk and speak to one of our staff.
If you receive a message soliciting private information, you should immediately contact the ICT Helpdesk on 9351 6000.
If you received a 'phishing' email similar to the above example, or if you think you may have already responded to such an email, you should reset your UniKey password and contact the ICT Helpdesk on 9351 6000.