
Email phishing is one of the most persistent threats targeting Australian universities.
Everyone in the UNSW community can play a vital part in defending against phishing threats. The more we understand phishing tactics and the psychological tricks behind them, the better we become at spotting suspicious messages before they cause harm.
Regular training and awareness help build confidence, so you know what to look for, question and report.
By reporting a suspicious email using the ‘Report Phish’ button in Outlook, you’ll activate UNSW’s phish analyser technology, which immediately alerts our Cyber Security Operations team. They’ll investigate and automatically remove the threat from inboxes across the University.
Your single click on the ‘Report Phish’ button could stop an attack and protect thousands.
What is phishing?
Phishing is a form of social engineering, where cyber criminals impersonate trusted individuals or organisations to manipulate you into giving away sensitive information like passwords, credit card details or personal data. The content usually arrives in your inbox pretending to be something urgent or familiar.
Our security systems block many of these attacks, but cyber criminals are constantly refining their tactics. So we must be just as agile, alert and educated to keep pace with evolving threats.
Phishing targets the education sector
According to CyberCX’s latest Higher Education Industry Threat Report, Australian universities are a top three target for cyber attacks, alongside the healthcare and finance sectors. The key findings from the report are:
- Cyber extortion groups have successfully targeted at least five Australian education institutions recently.
- Universities are vulnerable to both criminal syndicates and state-sponsored actors.
- Phishing attacks can go unnoticed for months, with personal and academic data compromised in the meantime.
It’s a reminder that attackers aren’t just going after IT systems; they also try to deceive students and staff.
What if you identify a suspicious email?
Before you click or reply, stop and ask yourself:
- Is it urgent, emotional or pressuring you to act quickly?
- Is it vague or oddly worded?
- Is it unexpected or just not quite right?
If you think it may be a phishing email, click the ‘Report Phish’ button in your Outlook toolbar.

Find the ‘Report Phish’ button by clicking ‘more information’ or the three dots in the top right-hand corner of your email.
Never engage with an email unless you're certain the sender is legitimate, and never click on links or open attachments unless you trust both the sender and the content.
Systems rely on people
Integrated cloud systems like Proofpoint ICES proactively detect and block most phishing threats before they reach your inbox. However, as phishing tactics evolve and scammers get better at circumventing cyber security systems, your awareness adds an essential layer of defence. Together, we can build system-supported cyber security resilience.
Learn more by taking the mandatory training, Security@UNSW, on Moodle.