Phishing scams – how to spot them and what to do
Phishing (pronounced ‘fishing’) is a technique used by hackers and other cyber-criminals to trick people into handing over personal details or taking an action, often by email.
A phishing scam might ask you for login information, get you to open an attachment, or even ask you to pay an invoice or bill. These cyber-criminals spend a lot of time setting up lures and scams, making them look convincing and legitimate.
Most modern email providers, such as UC’s own email system, Gmail, Office365, Outlook and Yahoo, have filters to stop phishing and spam email from getting through, but some messages still get through, so the best protection is awareness.
Basic tips for spotting a scam
Go through these checks before opening an email that you weren’t expecting to receive.
- Are the spelling and grammar in the message correct?
- Do the link and its text match? Hover your mouse over the link and you will see what the link really is.
- Does the email urge you to take immediate action?
- Does the email address of the sender look reasonable compared to the content of the email?
- Look at the salutation: does it say ‘Dear Customer’?
- Look at the signature: a lack of detail for the person or company suggests phishing.
- Are you expecting an email from that sender?
- Is the message asking you to do something unusual, e.g. buy iTunes cards?
Next steps after identifying a phishing scam
If you think you have received a phishing email or spam:
- Delete it.
- Report it. If it’s been sent to you by someone at UC, they might not know their account has been used to send bad stuff.
  - Create a new email, addressed to email@example.com
  - Drag the phishing email from your email inbox and drop it onto the new email message. This adds the phishing email as an attachment to the new email and is an important step because ITS need the internet header of the scam email.
If the message and request look legitimate:
- Go to the website of the service (not by clicking a link in the email), then log in and see if you have any messages.
- If it is someone you know sharing a file or link with you, contact the person (in a new email) and ask them.
- If you’re not sure, treat the email with caution and report it.
The personal cost of phishing scams
Hackers and cyber-criminals can do amazing things with access to everything on your device or your personal credentials, which can take a massive toll on your personal and professional life.
- Your data or files could be deleted, encrypted or held to ransom.
- You could lose access to your bank account, have purchases billed to you, or have credit cards and loans opened in your name.
- You could become a victim of tax fraud.
- You could lose access to your social media accounts and be locked out of apps.
- Your device could be used to spread malware to your colleagues, family, and friends.
Phishing scams in different formats
Phishing scams don’t only target email systems. You can also be phished by text message, through other messaging services or by phone call, for instance. As with email phishing scams, if you receive one, don’t follow the link, give out personal information or respond; report it and delete it.
The best protection against phishing scams is awareness. Question unexpected messages, and report and delete them if they are suspicious. If you think you have been a victim of identity theft, these organisations provide advice.
How to Report a Cybersecurity Incident
- Log a ticket on the IT Self Service portal
- Visit the IT Service Desk, located in the Central Library
- Email us on firstname.lastname@example.org with the phishing email attached, ensuring the header of the scam email is included
- Ring the IT Service Desk on 0508 UC IT HELP (0508 824 843) or 03 369 5000