Fraudulent attempts to get money from people have proliferated with the increasing use of emails.

  1. Common scams
  2. Sending spam
  3. Fake virus emails
  4. Phishing scam
  5. Reporting scams
  6. Further information

Common scams

Nigerian scam

Most frequently seen are the so-called Nigerian scam and the "Bank detail confirmation" scam.

The Nigerian scam asks you to send the scammers money so that they can get more money out of their country. These are so common that it is best to just delete and ignore them.

There are many "bank account" details scams. An official-looking email arrives telling you to click on a link to update or confirm your bank account details (often the reason given is security). Never trust an email that comes to you unannounced from your bank requesting you to log onto a website. It is very easy to disguise where a link in an email takes you.

For example:

www.commonwealthbank.com.au

looks like it should take you to the Commonwealth Bank site, but may actually take you to:

http://badguys.steal.money.somewhere/.


Chain letter spam

This is an offshoot of traditional paper mail chain letters, asking the recipient to forward the email to other email addresses, either threatening dire consequences if not passed on, or promising a donation or payment.

These emails are nuisance mail that clogs up inboxes.

Simply delete the message. If you know the sender, you may like to let them know that they are perpetuating spam.


Petitions spam

Email petitions don't work. It is not possible to track the number of people who have read an email, and it is too easy to fake results.

Any message requesting you add your email to the bottom of a list and send it on potentially exposes you to further spamming.


Advertising spam

Spam originated as people trying to sell things via email. Any email that you have not specifically requested from a company should be treated as spam and deleted.

Unless you requested the email in the first place, do not follow any kind of "remove me from your list" instructions, as this merely lets the spammer know your email account is actively being read, which will result in more spam being sent to that address.


Sending spam

Messages warning you that you are sending out spam should be treated with caution, as there are a number of fake emails in circulation. Signs that the email is not legitimate are:

  • Poor grammar or spelling (not a definitive sign, as Support staff are fallible)
  • A request to follow instructions contained in an attachment

If you are unsure of the legitimacy of an email, forward the email and your question to the self-service Service Desk.


Fake virus emails

The panic caused by computer viruses has also led to "hoax" virus messages. These typically claim that a file on your computer has a virus, and you should search for this file and delete it. Always check with IS staff if you think you may have a virus.

Hoaxes are warnings of non-existent viruses, but they can still be disruptive as they persuade people to forward the messages to many others, or sometimes to delete files from their computers.

There is a useful list of real and hoax viruses on the Snopes website. Antivirus software helps, but be aware that there is always a delay between new viruses appearing and the software identifying them, so any unusual email should still be treated with suspicion.


Phishing scam

UWA's Computer and Software Use Regulations state that: "A person shall not divulge a password or code enabling access to a facility". "A breach of these regulations shall be... a breach of the terms of the contract of employment of any employee of the University".

Do not divulge your password to anyone. No-one is authorised to ask this of you or to supply it to you. If your work practices require you to give your password to someone or for you to log on as someone else, please contact IS for advice.

UWA is often targeted by scam emails, known as 'phishing' scams, which masquerade as emails coming from a UWA IT department. These emails attempt to get UWA staff and students to email or enter their UWA username and password, under some pretext, such as your account needing to be confirmed or migrated. Such emails are fake, and should not be responded to or acted on.

If you divulge your account details in this way, the scammers take control of your email account and use it to send out spam. When spam is sent out from UWA email accounts, UWA is blacklisted world-wide so UWA staff and students can no longer send email from their UWA email address to other locations.

Some of these scams are very clever and seem to be aware of activities at UWA, such as the migration of staff mailboxes to the new Email and Calendaring Service (ECS).

The following guidelines will help identify whether what you have received is real or a scam. If in any doubt, please contact the self-service Service Desk.

Guidelines

No UWA department will ever ask for username and password details to be emailed. Therefore NEVER reply to an email that asks for username and password.

Requests to go to a webpage are not always fake. You WILL occasionally receive valid reminders of password expiries for the various systems you use, and these may include a link to enable you to make that change.

It is recommended that early in your UWA career, you bookmark relevant password-change pages and always use your own bookmarks/favorites for future changes rather than clicking links in an email. Check with your local IT staff as to which pages are relevant to you.

Example:

If you are not already familiar with the Pheme page, go to any trusted UWA page and use the Search facility on the right under the UWA banner, to search for Pheme. The topmost result link will take you to the Pheme web site. Note the look of the page and bookmark it for future use.

Use the same technique to find other relevant password-change pages.

If you think the email is legitimate and you do click on a link to a webpage, before you enter your username/password, check the following:

The page should be clearly branded as UWA: look for the UWA logo at the top left. Its presence is not a guarantee that the page is safe, but its absence is an indication of a scam.

However, some scam emails will take you to a webpage that replicates a real UWA page. Check the address of the page in the address bar at the top: it should have uwa.edu.au before the first single /.

Examples of recent fake pages:

  • http://www.substanceabuserelief.com/images/uwa.edu.au.htm
  • http://www.diyfurnace.com/taylorscomuter/taylors%20pictures!/uwa.edu.au.htm

(Note that they include uwa.edu.au at the end - real UWA sites all have that near the beginning).
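
The address-bar check above, written as code. This is an added example, not part of the original page; the function name, labels and the two addresses marked as constructed are assumptions, and it also rejects a host name that merely contains uwa.edu.au, a case beyond the two fake pages listed.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "uwa.edu.au"


def classify(url, domain=TRUSTED_DOMAIN):
    """Report where `domain` sits in `url`; only 'trusted' is safe to use."""
    try:
        parts = urlsplit(url if "://" in url else "//" + url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return "unparseable"
    if host == domain or host.endswith("." + domain):
        return "trusted"              # host is the domain or a subdomain of it
    if domain in host:
        return "lookalike-host"       # domain text embedded in another host
    if domain in parts.path.lower():
        return "domain-in-path"       # the pattern in the fake pages above
    return "unrelated"


# The two fake pages quoted above, plus constructed addresses for comparison.
CASES = [
    "http://www.substanceabuserelief.com/images/uwa.edu.au.htm",
    "http://www.diyfurnace.com/taylorscomuter/taylors%20pictures!/uwa.edu.au.htm",
    "https://www.uwa.edu.au/library",        # constructed
    "http://uwa.edu.au.accounts.example/",   # constructed
]

if __name__ == "__main__":
    for url in CASES:
        print(f"{classify(url):15} {url}")
```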

If possible, even if you think the email is legitimate, avoid clicking links - instead, type the address into your web browser.

Please contact your local IT support staff for more guidance or if you have any concerns about a message.


Reporting scams/spam

If you wish to report a scam or spam email, please forward the email in question to our Service Desk - we'll be able to use the email itself to stop any further occurrences.
