Curtin University
Curtin Information Technology Services (CITS)

Protecting yourself from email scammers

Curtin email addresses are often targeted by scammers sending spam and phishing emails. Such emails are designed to acquire sensitive information such as credit card numbers, usernames and passwords that can be used to conduct fraudulent activities.

Phishing emails often appear to come from your bank or your IT support area. Such emails usually ask you to click on a link, which takes you to an authentic-looking website that asks you to enter your username and password. However, the website is usually a cleverly disguised fake that saves your username and password for later fraudulent use by the scammer.

A phishing email may stress the need for your urgent response, or offer an attractive reward, to encourage you to act immediately. However, if something appears too good to be true – it probably is. So beware – seek help from the CITS Service Desk if you are unsure about a particular email.

Some phishing emails may also include a booby-trapped attachment such as a ZIP file, a PDF or even a photo. Be very wary of such attachments – if you click a booby-trapped attachment, a wide range of malicious activity can be performed on your computer, as well as on your I: and J: drives.

We all need to be vigilant to such attempts to steal our valuable personal information.

Protect yourself by checking links before clicking

If you are using a PC or Macintosh to read your email, a simple way to do a basic check of a web link is to move your mouse pointer over the link but without clicking it (this is called “hovering over” or “resting upon” the link).

When you do this, the real destination web page address will be displayed on the screen. This “hovering” step will enable you to make a more informed decision about whether a web link goes to a suspect web page.

(Image: Press and hold to reveal URL on some iOS devices)

Unfortunately it is not always possible to do this on devices with touch screens, but on iPads and iPhones you may be able to press and hold to reveal the destination – but test this with your device on a known link first.

As an example of how “hovering” can help, the link in a recent spam email actually pointed to a web site address like this: http://www.clubdecampomendoza.com/curtin.edu.au.htm. Anyone who had “hovered” over that link would have seen the unusual web page address and realised that it was a suspicious web site.

(Image: Email scam, Outlook example)

So learn to “hover” before clicking; and if you are in any doubt, don’t click on the link.

Another indicator to look out for is a long web site link that has been compressed to make it short (e.g. http://bit.ly/1bgL0Bx), so that the real web page address may not be obvious. In such cases, you can expand the web link to a readable form using the website longurl.org. However, if you are not familiar with such services, please seek advice from the CITS Service Desk.
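
The “hover” check and the shortened-link warning described above, sketched as a script that runs over an HTML message body. This is an added example, not part of the CITS guidance; the shortener list, the www.curtin.edu.au links and the sample message are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "curtin.edu.au"   # the domain the reader expects to land on
SHORTENERS = {"bit.ly"}     # assumption: small illustrative list, not exhaustive

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_link(href, text):
    """Return (real host, warnings) for one link, as hovering would reveal."""
    host = (urlsplit(href).hostname or "").lower()
    warnings = []
    if host in SHORTENERS:
        warnings.append("shortened link hides the real destination")
    elif host != TRUSTED and not host.endswith("." + TRUSTED):
        if TRUSTED in href.lower():
            warnings.append("expected name appears in the link but is not its host")
        if TRUSTED in text.lower():
            warnings.append("visible text names a different site than the link")
    return host, warnings

def scan(html):
    collector = LinkCollector()
    collector.feed(html)
    return [(href,) + check_link(href, text) for href, text in collector.links]

# Constructed sample body; the two suspicious URLs are the examples quoted on this page.
SAMPLE = """
<p>Your mailbox is full. <a href="http://www.clubdecampomendoza.com/curtin.edu.au.htm">
https://www.curtin.edu.au/verify</a> or <a href="http://bit.ly/1bgL0Bx">click here</a>.
Help: <a href="https://www.curtin.edu.au/">Curtin home page</a></p>
"""

if __name__ == "__main__":
    for href, host, warnings in scan(SAMPLE):
        print(f"{host:30} {'; '.join(warnings) or 'no warning'}")
```

The comparison is made on the host part of the link only, which is why a trusted name placed in the path (as in the spam example above) still raises a warning.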

Protect your password by confirming authenticity of a website before entering information

CITS recommends that before entering your Curtin username and password to a web page, you always check that the web page is genuine and secure by following these three steps:

  • Ensure the web URL starts with https:// (if the “s” is missing the website could be suspect…)

    (Image: Scam Checking: 1)

  • Once you have clicked the link and the web page is displayed on the screen, make sure the padlock icon appears adjacent to the URL. This assures you that the website has security enabled. It may be on the right-hand side of the URL like the padlock below, or in other browsers, it may be on the left-hand side:

    (Image: Scam Checking: 1)

  • Click the padlock icon to double-check which organisation really owns the web page. If you browse to the examples below, clicking on the padlock clearly identifies the organisation owning each web page (Curtin and Concur Solutions respectively):

    (Images: Scam Checking: 3a and Scam Checking: 3b)

    If there is no “s” in https://, or if the “Website Identification” information shown by clicking the padlock doesn’t match the organisation you are expecting to see, please do not enter your Curtin username and password. Instead, seek advice from the CITS Service Desk.

Other Resources

There are many resources available from respected organisations that explain how to protect yourself from phishing attacks. Here are some examples:

Your Guide to Phishing (PayPal)
http://www.paypal.com/us/webapps/mpp/security/what-is-phishing
Anti-phishing protection (Symantec)
http://us.norton.com/security_response/phishing.jsp
The Phishing Guide
http://www.technicalinfo.net/papers/Phishing.html
Information from the ACCC about how to recognise, avoid and report scams
http://www.scamwatch.gov.au/content/index.phtml/tag/SpamOffers

CITS Recommendation

CITS provides the following advice on how to manage spam (or suspicious) email messages:

  • DO NOT click on any links, open any attachments, or respond to the sender
  • Forward the email to spam@curtin.edu.au and promptly delete it
  • Remain vigilant when using your computer as that is the best defence against fraudulent and/or mischievous activity.

If you opened any attachments or clicked on the links in the suspicious email, power down your computer and contact the CITS Service Desk immediately by phoning +61 8 9266 9000.

If you have any questions, or are unsure of the authenticity of an email, please contact the CITS Service Desk.