Spot and report the phish before it bites
Learn how to spot the red flags of a phishing email and how to report it to help protect everyone at the University.

Phishing emails are the ultimate impersonators, like a Venus Fly Trap. They lure in unsuspecting prey with bright colours (or great offers), then clamp shut and claim another victim. Some are easy to spot, but others are surprisingly slick, and falling for just one can put your personal information, passwords, or the University’s systems at risk.
Things don’t look to be improving either, with the Australian Taxation Office (ATO) reporting that email and SMS continuing to be the most common ways scammers reach Australians – accounting for around 90% of ATO scam reports in 2024. Knowing how to spot a phishing email is one of the simplest and most powerful ways to protect yourself and our University community.
Capture the (red) flags
Phishing emails are designed to trick you into clicking a link, opening an attachment, or giving away sensitive information. They often pretend to be from someone you trust – like a colleague, your bank, or even someone from the University.
Like all scams, there are common red flags to look out for. We’ve highlighted some of those flags in the examples below, which are based off real phishing emails that have been doing the rounds. If you spot any red flags like these in an email, or you’re just not sure – report it as a phishing email!
Click the images to enlarge them.
What to do if you spot one
If something feels off, it probably is. Don’t click, don’t reply – just report it.
Use the “Report” button in Outlook (it’s in the toolbar).
If you don’t have the button, forward the email to: spam-report@unimelb.edu.au.
Remember: when in doubt, report it – you can help protect the whole University.
Cybercriminals are always refining their tactics – but so are we. To stay one step ahead, check out our Scam Advice page for common scam types, and keep an eye on our Scam Alerts for the latest threats doing the rounds.

