Phishing

Recognise phishing emails

What to do

Learn to recognise phishing  emails and then report them.

Phishing emails used to be easy to spot, you had to look out for spelling errors, pixelated logos, and fake email addresses. With scammers becoming more professional, phishing emails can be harder to identify.

How to do it

Always ask yourself, am I expecting to receive this email? Most phishing emails are unsolicited. If you aren’t expecting it, be particularly careful.

Verify the information in the email. Go directly to the person, bank, business or department and check with them. Don’t use contact information provided in the email itself, use an email address or phone number provided on their official website.

You can also check by using Monash’s ‘report phishing’ button in Gmail, which will evaluate the email as safe, spam or malicious. See the report phishing emails section below for instructions on how to do this.

Why it matters

Scammers use email or text messages to try to steal your passwords, account numbers, or date of birth. If they get this information, they are a step closer to getting access to your email, bank, or other accounts.

Once they have access they could steal your money or data, install malware on your devices, or sell your information to other scammers.

Report phishing emails

What to do

Always report a suspected phishing email, even if you’re not sure.

How to do it

The quickest and easiest way to report a phishing email is to use Monash’s ‘report phishing’ button in Gmail. Currently this is only available on your desktop, not in the mobile app.

To report, follow these steps:

  1. Click the three dots at the top right, next to the reply icon (More will appear when you hover over this).

  2. Click " Report  phishing " from  the drop down list.

  3. Click the “Report Phishing Message” button.

You’ll receive a response from the Phishing Analysis Service (no-reply@e105.e.monash.edu) and the email will be evaluated as safe, spam or malicious. No further action is required.

Why it matters

Recognising a phishing email protects you, reporting a phishing email protects everyone. A couple of button clicks is all it takes.

If you spot a phishing email in your inbox, reporting it will also remove it from other people’s Monash inboxes.