Phishing email warning
1 May 2014
There have been several occasions recently where hackers and scammers have sent fraudulent emails asking University staff and students to 'reset' their UniKey accounts or 're-validate' their email mailbox by clicking a link to an unauthorised website. These emails are generally known as 'phishing attacks' because they 'fish' for sensitive information such as usernames and passwords.
The most recent scam phishing email was sent to a large number of University staff on Tuesday 29 April. If you received this email, clicked the link and entered your details, please reset your password immediately. You can reset your password by visiting sydney.edu.au/resetpassword. If you are unable to reset your password, or require assistance, please contact the ICT helpdesk on 02 9351 6000.
The following is a list of characteristics that may help you identify fraudulent emails:
- in many cases, the email will not come from an @sydney.edu.au account
- the email may contain a large number of grammatical errors
- the website link does not take you to a sydney.edu.au web address
- the sender may refer to your email as a 'usyd.edu account', which is incorrect
- the email may refer to the 'usyd.edu! helpdesk' or a variation of this, which is also incorrect (we will refer to the ICT helpdesk).
If we require your details or need you to confirm the validity of your UniKey account, we will ask you to contact the ICT helpdesk and speak to one of our staff.
More information about identifying phishing attacks can be found on the Ask Sydney - ICT website.