A phishing email is a fraudulent message designed to trick you into revealing sensitive information, such as passwords, financial details, or other personal data. These emails are usually unsolicited, meaning you did not ask for them, and you were not expecting them, which helps the attacker catch you off guard. The term “phishing" comes from the idea that attackers are “fishing” for victims by using messages that look legitimate.
Phishing emails often try to create a sense of urgency or concern and may direct you to a fake login page that looks identical to a real website you trust, such as a bank, online service, or workplace system. When you enter your username and password on these counterfeit pages, the attackers capture your credentials and can then use them to access your accounts. Because these fake sites can be very convincing, it is important to double-check links and website addresses before entering any information.
Who is this available to
University of Otago staff and students.
How do I report phishing or spam emails
If you receive a phishing email asking for personal information such as usernames, passwords, bank details, or requesting payment in a threatening way:
- Report the email using Outlook's in-built report message add-in. If you are unsure how to use the report function in Outlook, follow the instructions on the Microsoft support website: Report phishing and suspicious emails in Outlook for admins
- If you are unsure if an email is legitimate, or whether a link or attachment is safe to click on, contact AskOtago for further guidance.
If you have already opened a link or file in an email, call AskOtago as soon as possible and disconnect your device from all internet networks.