The University of Otago's IT support staff will never ask for your password, and you should never provide your University (or any other) password to anyone.
Use the Report function in your email application for suspicious emails as this helps improve email security for everyone. IT Assurance and Cyber Security (ITACS) can view how many times an email has been reported University-wide, move selected emails to the Junk folder for everyone, or quarantine dangerous emails.
Phishing and spear phishing emails
A phishing email is one that tries to trick you into revealing sensitive information. They are unsolicited — you didn't ask for the email and you weren't expecting to receive it. The name "phishing" is given because the attackers are "fishing" for information in order to:
- Access your email account or bank details for fraudulent or illegal purposes
- Elicit private information, such as usernames and passwords, credit card numbers, or home addresses
The phishing email may:
- Ask you to visit a website via a link
- Contain basic spelling or grammatical errors (but still look like an official email)
- Sound threatening or urgent
Spear phishing emails are specifically directed to an organisation (e.g. the University of Otago), and often claim to be from local IT support staff, or a senior staff member. A common example of this is the emails requesting the recipient purchase iTunes vouchers for the sender.
Don't feed the phish:
- Never reply to an email requesting your password
- Spelling, grammar, and formatting can show that the email is not legitimate. Phishers are often bad at them
- Phishers use generic greetings (dear customer, etc.) rather than your name
- Phishers often pretend to be a senior person wanting you to take urgent action outside of normal communication channels
- Don't click unexpected links. Watch out for attachments that look too interesting to be true, totally unexpected, or not relevant to your role
- Always check the URL:
- Good: https://otago.ac.nz/about/welcome
- Bad: http://otago.webs.com/about/welcome
If you're uncertain about responding to an email, don't reply. If you receive a phishing email that appears to come from the University of Otago, don't open any attachments or click on any links. Report it to AskOtago immediately. Refer to the related article: Report phishing emails for instructions.
Spam
Spam is email that:
- Is not welcome or relevant
- Is sent to many people
- Often tries to sell you something
Most of the spam sent to University of Otago domains is intercepted by the University's anti-spam systems and forwarded to your Junk or Spam folder. You can often easily recognise spam without even opening an email by reading the message's subject line.
If the occasional spam email appears in your mailbox you don't need to report the message. However, you should contact AskOtago if:
- A large number of spam emails arrives in your Inbox instead of being sent to your Junk or Spam folder
- You think that your email address is being used to send spam
There are different types of spam, and while most spam emails won't harm your computer, they may contain links or attachments which do. If you are unsure if an email is legitimate, or whether a link or attachment is safe to click on, you can contact AskOtago for further advice.
Some spam emails may ask for personal information such as usernames and passwords, or bank details, or may even contain a threatening request for a payment. If you receive such an email, report this to AskOtago as soon as possible. Refer to the related article: Report phishing emails for instructions.