Protecting your private information from phishing emails

4 June 2012

There are occasions when hackers send fraudulent emails requesting University staff and students to 'reset' their UniKey accounts or 're-validate' their email mailbox by clicking a link to an unauthorised website. These emails 'fish' for private information such as your user ID, password or banking details.

Please note that the University of Sydney will never ask you to provide passwords or private information by email, or to directly respond to an email requiring personal details. If we require your details or need you to confirm the validity of your UniKey account, we will ask you to contact the ICT Helpdesk and speak to one of our staff.

Phishing emails often include:

  • Alarming tones and threat of account closure
  • Bad grammar and misspellings
  • Websites with an unusual web address or one similar to an official web address (eg "h ttp:/ /"
  • Signatures or sender email addresses that resemble a University account
  • More sophisticated attacks sometimes disguise the web address, so the text in the email might say 'http:/ /' but the link actually takes you to a different, external site. Sometimes these sites even take elements of the University website to make it look official.

Do not respond to these emails and do not visit websites with an unusual or unfamiliar web address.

If you have receivedand responded to a phishing email, you should reset your UniKey password by visiting the Ask Sydney - ICT website and contact the ICT Helpdesk on 9351 6000.