
Phishing

What is phishing? 

Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and financial details, or to convince victims to make some financial transfer (e.g. gift cards), by masquerading as a trustworthy entity, website or a known sender.  The messages are often highly personalised and relevant, and can be sent through a legitimate, albeit hacked, account. 

Why is Phishing a problem? 

Bond University has a large user base and is an attractive target for cyber criminals.  The most common phishing attacks will deceive you into submitting your username and password.  Once the attacker has your credentials they will comb through your inbox, sent items, deleted items etc. to glean any information that will enable financial fraud.  The attacker, now in control of your email account, may contact payroll and request that your bank details be updated.  The attacker may also use your email account to intercept invoices in order to modify bank details on an invoice, unbeknownst to those involved in the communication.

Phishing is consistently the leading cause of data breaches reported to the Australian Government. 

Can email filtering prevent delivery of Phishing emails? 

Bond University invests significant funds into a leading email security platform.  ITS staff tune the policy of this platform daily.  On average, Bond receives half a million emails per day; only 1.8% of these are deemed clean and delivered to their intended recipient.

How can I identify a Phishing email? 

  1. Identify the Sender. Do you know this person? Make sure to check the sender’s email address as well, not just their name.

  2. Reply-to. If you reply to an email and the reply-to address is different from the sending address, this should raise your suspicion for the whole message.

  3. Links and Attachments. Hover over links to see the actual URL. Do you recognise the domain? If you were not expecting an attachment or a link, and you do not know the sender, do not open it! If you are not sure, check with the sender by phone (don’t use a phone number in the e-mail).

  4. Grammar and Tone. Many malicious e-mails have poor grammar, punctuation and spelling. In addition, you should know how your co-workers communicate. Does this message sound like them? If not, it is probably malicious.

  5. Emotions. Be wary of any e-mails trying to exploit certain emotions. Commonly used triggers are:

  • Greed. Messages offering or promising you money by clicking a link or giving away information are usually malicious. If it seems too good to be true, it probably is.
  • Urgency. Unusually short deadlines create a false sense of urgency to act. Attackers employ this technique to confuse the recipient.
  • Curiosity. Attackers take advantage of our curiosity by promising exciting or prohibited content.
  • Fear. Threatening recipients with negative consequences is a common tactic to generate responses — such as threatening to shut off accounts, financial penalty or legal action.