Identifying phishing emails

4 March 2014

There are occasions when hackers send fraudulent emails to trick you into providing private information such as your login, password or bank details or infect your computer with malicious software.

Known as "phishing emails", they often contain:

  • Alarming tones
  • Threat of account closure or updates
  • Bad grammar and misspellings
  • Websites with an unusual web address or one similar to an official web address (eg "h ttp:/ /"
  • Signatures or sender email addresses that resemble a University account
  • More sophisticated attacks sometimes disguise the web address, so the text in the email might say 'http:/ /' but the link actually takes you to a different, external site. Sometimes these sites even take elements of the University website to make it look official.

If you identify a phishing email, please do not respond. If you think you may have already responded to such an email, you should change your UniKey password and contact the ICT Helpdesk on 9351 6000.

Remember: the University of Sydney will never ask you to provide passwords or private information by email, or to directly respond to an email requiring personal details. If we require your details or need you to confirm the validity of your UniKey account, we will ask you to contact the ICT Helpdesk and speak to one of our staff.