What is phishing?

Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers, online.

Business Technology and Information Services regularly receives reports from staff and students who have received bogus emails requesting information about passwords and email accounts. If you ever receive such an email regarding any of your UWA accounts (Webmail, ECS, Pheme, etc.), please do not respond. These emails ask users to confirm their email addresses by replying with their usernames and passwords, or by following a link to input this information. These are known as 'phishing' scams, and originate from spammers outside UWA.

Phishing emails are fake and should be ignored. Replying to any of these may result in your account being hijacked by spammers and used to send out more spam. UWA will never ask you to send your password in an unsolicited email.

Phishing email examples

While all efforts are made to stop these bogus phishing emails from reaching our staff and students, some still pass through our checks undetected. Once we are aware of the details of a phishing scam, we will block these emails from entering our system.

All staff and students must be vigilant when dealing with emails. Scammers are becoming increasingly sophisticated at imitating legitimate requests, such as advising users that mail storage limits are about to be exceeded or that passwords are expiring.

You should always be mindful when following any links within an email. Please note that we will never ask for your password via email or ask you to confirm your password via email.

Below we have included some recent examples of such bogus phishing emails which are designed to trick you into providing your personal information to scammers.

Phishing site examples

The above phishing emails will often ask that you click on a web link to validate or update your details. These links will then take you to an external web page in an attempt to trick you into providing your personal information.

You can often verify the authenticity of a link by hovering your mouse over it without clicking it. This will reveal the actual address the link will direct you to, allowing you to see whether it is a valid uwa.edu.au destination.

If there is ever any doubt, do not click any such link, and phone your local IT support to verify the authenticity of the notice.

Below we have included some recent examples of bogus phishing sites that you may be taken to if you click on a link within a phishing email.

Reporting phishing emails

If you receive one of these emails, please report the matter to your Faculty Service Desk, or directly to BITS by emailing the BITS Service Desk or by creating an Incident through the Service Desk. Please attach the email in question so we can report it for blocking, and ensure the external sites are removed.

Social Engineering

In addition to email phishing mentioned above, there have been reports of callers masquerading as IT support officers, and banking/investment salespeople (from, or affiliated with, the University), who attempt to solicit personal information from UWA staff. Historically, these callers obtain a list of valid UWA phone numbers from the contact directory, and simply go through the faculties/departments and target anyone who answers the phone.

As is the case with many unsolicited calls, they'll typically originate from an international number, so checking caller ID is an advised first step. If you're still unsure of the validity of the call, request the number that they can be reached on; if the call does indeed originate from the University, then they should be able to provide you with an extension to ring, as opposed to an external line.

Lastly, it's unlikely that the caller will have any of your personal information beyond what's publicly viewable on the contact directory, and as such, it's important not to volunteer anything further, especially if you have reason to question the legitimacy of the call.

Alert system

BITS has a notification system alerting staff and students to new phishing scams. If you receive one of these scam emails, compare it with scams already notified, or contact IT support staff.

Do not reply to the phishing emails, even to ask if they are authentic, as this confirms your email address to the spammers as being an active address, possibly resulting in an increase in spam sent to your account.

If you have replied to one of these messages, please change your account password as soon as possible, to prevent your account becoming compromised.