A number of questions have been raised about the fraudulent email circulated on Tuesday 30 July. Please take the time to read the following important answers to these questions.
How was someone able to send these emails to students?
Anyone can send emails to students – your friends, family as well as other students, and therefore also scammers. ITS Security immediately investigated the source of these emails and how your email address was obtained and has taken urgent follow-up action. This type of email is known as a ‘phishing email’, the aim of which is to obtain important information by pretending to be a trustworthy entity – in this case the University, but more frequently a bank. Think of it as ‘fishing’ for your personal information. (You can safely click on the link above – it goes to an information page only.)
I wrote to the contact email address that was included in the fraudulent email and supplied some personal information in it? Is this safe?
In this instance the email address really did belong to the University so the information you sent was not compromised. This helped to make the email look real. The only thing that was suspicious was the link to the Student Information System login page.
Was the email ‘Commonwealth Assistance Notice now available’ that I received on 11 April 2013 also a scam?
If you undertook study with a census date in March this year (eg semester 1 study) you would have been notified of your Commonwealth Assistance Notice around 11 April. This was an official communication from the University. The scammers copied one of these and inserted the link to a fraudulent website - which was then used to steal your FAN and password details.
What if I get messages called ‘Commonwealth Assistance Notice now available’ in the future?
Under Commonwealth legislation, the University is required to notify you of your HELP debts (HECS-HELP, FEE-HELP, SA-HELPL etc) via a Commonwealth Assistance Notice. These notices are posted into the Student Information System and an email is sent to let you know that a new notice is there. In order to reduce the risk to you, future messages will not have a link to the Student Information System but will remind you how to get to the login page. Please do not disregard future emails about your Commonwealth Assistance Notices.
On Monday I received an email from the University about important dates for semester 2 – was this a fraud too?
No, this was an official message from the University and the link to the Student Information System was a safe link. In the future these reminder messages will not include any links to a login page – just a reminder of how to find it. All official messages of a general (rather than individual) nature are also posted in the FLO announcements, so if you are unsure you can check there to confirm it is official.
Can you be sure this won’t happen again? Or if it does, how can I protect my identity?
Unfortunately there isn’t a 100% guarantee that this won’t happen again, but it will become easier for you to notice if you get a fraudulent email. Links to pages that ask for your FAN and password should not be included in future official emails. To protect yourself, never click on a link to a login page that asks for your personal details. Always go to the Flinders University website and follow the website navigation or use the search option to find the page. The same principle also applies to emails that pretend to come from banks and other reputable organisations.
Director, Student Administration and Systems