Fraudulent email (aka phishing)
The University recognises the serious risk that fraudulent email - or phishing - poses to members of the Deakin community. As with any type of fraud, these emails can be extremely damaging. This page provides further information about fraudulent emails - or phishing - in particular:
What is phishing?
Fraudulent email - or phishing - refers to emails that ask you (i.e. fish) for your personal and financial information, such as your bank account details, credit card numbers and other personal identity information.
How can these emails be identified?
These emails often appear to come from a legitimate source: a well-known Internet Service Provider (ISP), an online payment service, bank or other reputable organisation.
The message usually states that you need to update or validate your account by clicking a link included in the body of the message. At some point, you may also be asked to provide your bank account information.
What risks do they pose?
These fraudulent emails normally have no affiliation with the organisations they claim to be from. Opening or replying to these emails, or clicking the links provided in them, can pose a serious security risk. Some of these risks include:
- Identity theft: Once you provide your personal information in response to a fraudulent email, this information can be used to access your computer, emails you may have on ISP sites or financial accounts, or to secure loans in your name.
- Virus infection/Trojan and Spyware: Some of these fraudulent emails include links that, once clicked, download viruses to your computer. Trojans and Spyware are computer programs that conceal hidden programming which can record and re-transmit keystrokes or destroy data.
- Ghost websites: Emails can include links to fake sites which look authentic and are designed to lure you into divulging data by tempting you to log on.
What can you do to protect yourself against phishing?
If you receive an email that seems suspicious:
- Do not reply, even if you recognise the sender as a well-known organisation, business or financial institution. If you have an account with this institution, contact them directly and ask them to verify the information included in the email.
- Always access the organisation's website by typing the address into the browser.
- Beware of any windows that 'pop up', particularly during an internet banking session, and be very suspicious if one directs you to another website which then requests your customer identification or password.
- Do not click the links provided in these emails, or cut and paste them into a browser. This may download viruses to your computer or at best confirm your email address.
- Delete the email if you have no relationship with the apparent sender.
- Never email your personal and financial information. Email is not a secure method of communicating sensitive information.
- Legitimate financial organisations never ask for sensitive information via email.
- Avoid using passwords or PINs (Personal Identification Numbers) that are relevant to your personal situation.
  - Telephone numbers, postcodes, your name, the name of a close relative and dates of birth can be simple to trace.
- Do not open unsolicited attachments.
  - If you receive an attachment you are not expecting, we recommend that you confirm with the sender that they did indeed send the message and meant to send an attachment.
- Use anti-virus software and keep it updated to detect the latest viruses.
  - Updates and upgrades of the anti-virus software are automatic on Phoenix workstations.
- Update your operating system. Microsoft usually distributes monthly updates to its operating systems. These updates fix security holes or other problems that make a computer susceptible to security breaches.
  - Updates and upgrades of the operating system environment are automatic on Phoenix workstations.
- Use only trusted and secure computers to access confidential sites like your internet banking account. Using publicly shared computers, such as those at internet cafes, is strongly discouraged.
What if you have already provided your personal information in response to a fraudulent email?
Contact the relevant organisation and report the content of your email and your actions to their security department.
Want to know more?
You can find further information on how to detect phishing sites from the Australian Government Stay Smart Online website. It includes a fantastic resource 'Factsheet 10 - How to detect phishing sites and steps to prevent being fooled by them' along with much more. If you get a few minutes, give the Phishing Quiz a whirl too.