Email security and suspicious emails

Suspicious or unsolicited emails can be used to steal your electronic identity to compromise your personal information or access your computer system

If you receive an email that threatens to remove your account or makes you suspicious for any reason, report it to the IT Security team.

The University and Infrastructure Services – IT Service Centre will never:

  • ask you to send your password via email
  • contact you from a non-University email address.

WHAT TO DO WITH SUSPICIOUS EMAILS

Follow these basic principles when dealing with unsolicited or suspicious email:

  • If an email looks suspicious, it probably is. If you do not recognise the sender, ignore and/or delete it.
  • Never reply to suspicious emails.
  • Never forward suspicious emails to others.
  • Never send your password or sensitive, personal or confidential information via email.
  • Never click links in suspicious emails. Copy or type links into your Internet browser. Any email that directs you to change your password should always have the words 'unimelb.edu.au' before the third '/' - e.g. https://accounts.unimelb.edu.au/
  • Never click or download attachments in suspicious emails.
  • If you're unsure whether an email is suspicious, contact the Infrastructure Services – IT Service Centre or contact the sender to confirm whether or not they sent it.

PHISHING SCAMS

  • Phishing scams are targeted scams that attempt to trick you into giving away your username and password.
  • Phishing emails regularly use the words below in their subject line.
  • Always be suspicious of emails asking to 'verify' or 'upgrade' your account.
  • Also be suspicious of emails saying that you have been detected as logging in from a random country.
  • Using ALL CAPITAL LETTERS is an indicator that the email may not be legitimate.
  • Phishing emails often give you an ultimatum, e.g. 'Verify your account or permanently lose it'.
  • They also often give a very short time in which to act or respond.
  • Strange 'Reply-To' addresses are often an indication that it is suspicious.

Recent phishing scam emails have been received by University staff and students with the following subject lines:

  • 'UPGRADE YOUR ACCOUNT NOW'
  • 'VERIFY YOUR EMAIL ACCOUNT NOW'
  • 'Verify Your Unimelb Account Now'
  • 'Confirm Your E-mail Address'
  • 'CONFIRM YOUR E-MAIL IMMEDIATELY'
  • 'Confirm Your Webmail Account'
  • 'UPGRADE YOUR WEBMAIL ACCOUNT NOW'
  • 'Dear unimelb.edu.au Email Account Owner'
  • 'Please Verify Your Email Address'.

The following are not University email or web addresses, so you should never reply to them:

  • 'support.unimelb@gmail'
  • 'unimelb.helpdesk'
  • 'custormercareservicehelpdesk@y7mail.com'
  • 'help.deskgroup2@gmail.com'
  • 'unimelbourne@australiamail.com'.

Report a suspicious email