Phishing is an attempt to fraudulently obtain personal information by sending fake emails that look like they come from a trusted source. Typically, phishing emails ask you to click on a link to verify or update your contact details or to provide credit card information. The link takes you to a forged web page where information you submit (such as your password) can be captured and potentially used for malicious purposes.

What to look for

Phishing attacks can be sophisticated, so it’s smart to question any email asking for money or personal information, even if it has the logo or email address of a trusted organisation.

Look out for emails and messages, particularly unexpected emails, that:

  • Encourage you to click on links or open attachments
  • Create a sense of urgency
  • Try to invoke strong emotions like greed or fear
  • Request personal or sensitive information or money

Take a step back and review the message. Warning signs include:

  • Unusual or inconsistent sender address. If the email address doesn’t match the sender name, be suspicious.
  • Check the signature. If it’s overly generic or doesn’t follow company protocols, it could indicate that something is wrong.
  • Assess the tone. We know how our colleagues talk, so if an email sounds strange, it’s worth another look.

Remember legitimate companies will never ask for passwords, tax file numbers or other sensitive data via email. And always check the URL of the site you are visiting. Phishing emails often direct you to a website that appears to look legitimate, but it’s actually used to steal your password or other sensitive data.

RMIT email filter

RMIT stops suspicious links being accessible from RMIT staff and student email accounts.

If a link is safe, you will automatically be sent to the website you have requested. If it is not safe, a block message will be displayed.

Hovering over web links will display a URL using our email filtering tool Mimecast so you'll know you and RMIT are being protected.

If the email is legitimate but has been blocked, you can type the URL directly into the web browser to visit the website you need.