Security announcements

This page contains security announcements and examples of real phishing emails received by the University.

Phishing email: 1 September 2014

On 1 September 2014 a number of students received an email claiming to be from 'EC Mail management', with the subject line 'Notification'. The text of the mail is as follows:

Dear User

To re-validate your mail account please click on the below link and enter your user id and password for maintenance and Virus Scanning, Very Important. 

Click here

Your Mail account will be permanently terminatedin a short time for failure to adhere to our urgent notice.

Thank you for your cooperation.

EC MailManagement Support

© EC Services, ITS, The University of Auckland - All rights reserved.

A few characteristics give away that this is a good example of a phishing email. They are:

  1. The recipient is addressed as 'Dear User'. This email is sent by someone who has no idea who you are. The University, when it sends email to students, will know who you are, and will not use a 'Dear User' instead of your name.
  2. Incorrect capitals in the first sentence, the phrase 'Very Important' is capitalised and placed just before the 'Click here' link to provide a sense of urgency to click the link.
  3. The University does not need you to click on links to enable 'mail management and Virus Scanning'.
  4. Spelling errors. The space between 'terminated' and 'in' is missing.
  5. The use of phrases like 'failure to adhere to our urgent notice' is pretty characteristic of a phishing attempt.
  6. The mail is not signed by a person.

Find out how to recognise a Phishing attack.