Phishing is the act of attempting to acquire information such as usernames, passwords and credit card details by sending an email which appears to be from a legitimate business, organisation or individual. Phishing emails most commonly direct you to click a link, go to a website and enter your details. The website often looks exactly the same as the legitimate one and has been set up to capture your username and password. Sometimes just clicking a malicious link can trigger the download of spyware to your computer. Spyware can be installed in the background without your knowledge so it can collect and transmit all your passwords and other personal details.
Unsolicited emails with attachments often contain viruses or other malicious files which are also designed to capture and transmit your information or allow scammers to access your computer when you are on the Internet. You should be alert to all of the threats which exist. According to ASIC, 1 in 20 Australians fall victim to scams or personal fraud each year. Prevention is the best protection against scams: the more you know about phishing and scam attempts, the less likely you are to be tricked into providing your details.
Falling victim to phishing emails can cause problems not only for you but also for the University. This is because compromised email accounts are used to keep distributing these unsolicited emails to more unsuspecting people. When other organisations detect large volumes of unsolicited emails coming from a particular organisation, they blacklist it (block delivery) to protect themselves. This means even legitimate emails coming from an address in that organisation cannot get through.
The US Federal Trade Commission has created a great little quiz which you can use to test your likelihood of being caught by a phishing scam. It provides details for US organisations to follow up. See SCAMWatch and Where Can I Find More Information? for Australian organisations who can provide more advice and assistance.
The term phishing is a variant of fishing. It refers to emails being used as bait with the hopes that potential victims will bite by
Phishing emails can come in many forms and variants. They may impersonate
They use official-looking logos, images, letterheads and language to trick you into believing it's real. They often have a sense of urgency and advise if you don't click the link you will
You should always be wary of any emails which ask for personal information. This includes prompting you to log in to an account (CSU, personal email, online banking, Amazon or other online retailer, eBay, PayPal, online share portfolio etc).
Messages or websites phishing for information might ask you to enter
Legitimate businesses and organisations will never send unsolicited requests for information in this way. They already have your account information, so they do not need you to verify it. Use the yellow pages to look up the business or organisation's phone number if you want to verify the authenticity of any electronic message (eg email, SMS or information on a website which seems suspicious).
A phishing website is one that has been set up to impersonate a legitimate website and capture information. They often look identical to the authentic website because scammers replicate the layout, colours, text and use logos and images they obtained from the real site.
If you are alert you can sometimes notice subtle differences in the URL (website address) of spoof websites. The legitimate URL of the Australian eBay account login page is https://signin.ebay.com.au
An example of a website URL trying to impersonate the Australian eBay login page is http://signin-ebay.com.au
Did you spot the differences? There are two. The legitimate eBay login page starts with https and has a full stop between the word signin and ebay. The spoof website starts with http and has a dash between signin and ebay.
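The same comparison can be done mechanically. The following is an added example, not part of the original page: it checks a link against a list of trusted login hosts and reports the two differences described above. The allowlist and the function names are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the one legitimate login host named on this page.
TRUSTED_HOSTS = {"signin.ebay.com.au"}


def _squash(host):
    """Remove the separators a lookalike address swaps (full stops and dashes)."""
    return host.replace(".", "").replace("-", "")


def check_link(url, trusted_hosts=TRUSTED_HOSTS):
    """Return the reasons a URL should not be trusted; an empty list means it matches."""
    parts = urlsplit(url)
    # hostname is already lower-cased by urlsplit; drop a trailing full stop.
    host = (parts.hostname or "").rstrip(".")
    problems = []

    # Difference 1: the address does not start with https.
    if parts.scheme != "https":
        problems.append("scheme is %r, not https" % parts.scheme)

    # Difference 2: the host is not exactly a trusted one.
    if host not in trusted_hosts:
        lookalikes = [t for t in sorted(trusted_hosts)
                      if _squash(t) == _squash(host)]
        if lookalikes:
            # Same letters, different separators: signin-ebay vs signin.ebay
            problems.append("host %r imitates %r" % (host, lookalikes[0]))
        else:
            problems.append("host %r is not a trusted host" % host)
    return problems


if __name__ == "__main__":
    # The two addresses compared on this page.
    for link in ("https://signin.ebay.com.au", "http://signin-ebay.com.au"):
        print(link, "->", check_link(link) or "matches a trusted host")
```

The check is an exact match on the whole host name, so any address that is not on the list is reported even when it looks similar at a glance.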
Legitimate e-commerce sites use encryption to help keep your information safe. An address that starts with https indicates it's a secure site which uses encryption to transmit your login and financial details. Websites which use encryption display a lock symbol in the browser window. Clicking on the lock symbol allows you to verify that a security certificate was issued to that site which is a sign that it's a legitimate and trusted website.
SCAMwatch is a website set up by the Australian Competition and Consumer Commission (ACCC) to provide information to consumers and small businesses about how to recognise, avoid and report scams.
You can sign up for email alerts from the Australian site staysmart online to keep up to date about a variety of topics including phishing, scams, fraud, hoaxes, identity theft, privacy and social media (Facebook, Google and Twitter).
You can report any phishing emails to
If the email or website tried to obtain your CSU details forward the email or send the URL to
Internet Explorer provides a SmartScreen Filter to help protect you from phishing websites. You can also use it to report a phishing website.
If you have further questions or need to report a phishing email which attempted to obtain your CSU details contact the IT Service Desk.