Phishing is when someone steals your login details to gain access to your email account.
- People are often tricked into revealing sensitive information, such as their usernames and passwords.
- This is usually through a link in an email to a fraudulent website.
- If successful, your account could be used to send further emails.
Attacks usually happen by clicking a link that directs you to a website where your account is compromised. These links are often sent by email and may come from people in your contacts list.
You need to be diligent when reading emails and clicking links.
- Look for a mismatch between the name and the email address. For example, the email sender display is Gmail Team but the address is firstname.lastname@example.org (staff) or email@example.com (student).
- Check the links carefully, for whether the displayed text matches the actual link, or where a real domain is followed by a suspect one (google.com.fakewebsite.ru). To see the actual link URL, hover your mouse over the linked text.
- Look out for poor spelling, punctuation and grammar.
- Pay attention to your web client's warning, e.g. in Google Mail, some suspect emails will be flagged with a red banner.
Example of phishing email
- Check the URL (address bar in your browser) of the site carefully to ensure it's authentic.
- Make sure the site looks like you expect it to.
- Look for the green lock symbol in your browser address bar and check that it displays the company it claims to be, e.g. Google, Monash.
- Check you're on an authentic Monash login page – a dark blue background with the Monash crest on the left and a white area where you enter your credentials on the right.
- Change your password regularly and never reuse an old password.
- If you think your account has been compromised, change your password immediately.
- Never open suspect attachments.
- Update your email security alerts to notify you of suspicious activity in your account. This is on the Google sign-in and security page under ‘Security alert settings’.
- Only ever enter your login details on a website you trust.
Help and support
Contact the Service Desk