Phishing

You can protect yourself against phishing emails in various ways.

Check the sender’s address

Any correspondence from an organisation should come from an organisational e-mail address. If you take the time to examine the sender's email address, you may find that it contains a variation which is intended to deceive (e.g. @ccsu.edu.au instead of @csu.edu.au).

Do not immediately click on links

Take the time to examine links before clicking on them. If you have reason to believe the email is not legitimate, don't trust the links in it either. Links tend to lead to phishing sites designed to steal your username and password.
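The sender-address and link checks above can also be automated in a mail filter. The following is an added example, not part of the original page: it flags domains that are a near miss of a trusted domain or that embed it inside another host name. The trusted domain is taken from the example above; the function names, the one-character threshold and the example.net and example.org hosts are assumptions chosen for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: the organisation's legitimate domain, from the page's example.
TRUSTED_DOMAINS = {"csu.edu.au"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_domain(domain: str, trusted=TRUSTED_DOMAINS, max_distance: int = 1) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a mail domain or host."""
    domain = domain.lower().rstrip(".")
    labels = domain.split(".")
    # Every parent domain of the host, e.g. a.b.c -> a.b.c, b.c, c
    suffixes = [".".join(labels[i:]) for i in range(len(labels))]
    for good in trusted:
        # The trusted domain itself or a genuine subdomain of it.
        if good in suffixes:
            return "trusted"
    for good in trusted:
        # Near miss such as a doubled letter (ccsu.edu.au).
        near_miss = any(edit_distance(s, good) <= max_distance for s in suffixes)
        # Trusted name used as a prefix of another domain (csu.edu.au.example.net).
        embedded = ("." + good + ".") in ("." + domain)
        if near_miss or embedded:
            return "lookalike"
    return "unknown"


def classify_sender(from_header: str) -> str:
    """Classify the domain of the address in a From: header value."""
    _, address = parseaddr(from_header)
    return classify_domain(address.rpartition("@")[2])


def classify_link(url: str) -> str:
    """Classify the host a link really points to, not its display text."""
    return classify_domain(urlsplit(url).hostname or "")
```

A "lookalike" result is a prompt for closer review rather than proof of phishing, since an unrelated legitimate domain can also differ from a trusted one by a single character.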

Watch out for poor spelling and/or grammar

An email from an organisation that contains misspelled words or bad grammar is a sign that it did not come from a legitimate source.

Confirm the sender's identity

If a sender’s email address appears to be valid but the message is unusual or asks you to do something you would not normally do, confirm that the sender is who they claim to be. This could be a phone call to substantiate the request.

If you find that you've been tricked by a phishing email, immediately change your university password. If you used the same password for multiple accounts, make sure you change the password for each account and never use that password in the future.

Passwords and PINs are only to be used by an authorised user and must not be:

  1. shared with anyone under any circumstances, or
  2. written down or recorded in physical or clear text electronic format.

For tips on how to spot a phishing email, visit StaySmartOnline – Phishing