It's important to be aware of email scams to ensure your identity and UQ's data and systems remain safe.

The security of your email account is your responsibility. Make sure you're able to recognise, prevent and report suspicious emails to help keep your account safe.

Types of scams

Most email scams try to lure you into clicking a link, opening an attachment, downloading a file or entering account information.

If you do any of these things, the scammer can steal sensitive or confidential information, and your computer and UQ's systems can be compromised.

There are two main threats in email scams:

  • phishing
  • malware.


Phishing is a form of fraud used by scammers to steal personal, work or UQ information.

Phishing emails are designed to look like legitimate emails from reputable organisations and people you trust. They may appear to be from another university, your bank, a government department, someone you know or even UQ. Scammers often copy the design, branding and logo of the organisation they claim to be from.

Phishing emails try to get you to click a link, open an attachment, download a file or enter your account information, so they can steal your data or infect your computer with malware.


If you’re a UQ staff member, keep an eye out for whaling emails. Whaling is a specific type of phishing scam that targets an organisation’s employees.

In this scam, scammers pose as a high-level executive – known as a ‘whale’ – and send emails to employees with instructions for transferring money, releasing information or another task. This allows them to access financial data, customer data or business systems.


Malware is used by scammers to infect your computer with malicious software.

There are many different types of malware, but they are all designed to damage or seize control of your computer. The goal is to steal your data or UQ's data.

If you open an attachment or link, or download a file from a fake email or website, you might infect your computer with malware.


Ransomware is a type of malware that locks access to your files. A scammer then demands money to restore your files.

If you pay the scammer, there's no guarantee your files will be restored. 

Top of page

Recognising email scams

Look out for these warning signs to help identify an email scam:

  • the email is unexpected or not personalised 
  • you're told you need to do something urgently
  • the email is worded strangely with poor spelling and grammar
  • when hovering over links in the email, you notice unusual URLs – see how to identify a fake URL (PDF, 1.5 MB)
  • the email has been sent from an unusual address or includes unusual 'Reply-To' addresses
  • you're asked to enter personal information, open an attachment or link, or download a file.

If you have received a suspicious email, make sure you:

  • don't open any links or attachments
  • don't enter any personal or account information
  • report the email.
Top of page

Preventing email scams

At UQ, we use robust security systems to detect and block suspicious emails. However, some unwanted emails still make it past our filters.

To prevent email scams from being sent to your UQ email account: 

  • don’t share your email address online unless you need to
  • don’t provide your UQ email for personal activities, such as online shopping
  • make sure you use your UQ email – rather than your personal email – for UQ work or study-related activities
  • delete spam messages without opening them
  • don’t respond to or unsubscribe from suspicious emails – scammers may use this to verify your email address
  • follow the instructions to block suspicious email addresses in Outlook or Office 365.
Top of page

Reporting email scams

If you receive a suspicious email in your UQ email account, follow the instructions to report it through your version of Outlook.

Outlook 2016

  1. Select the email. 
  2. From the top 'Home' menu in the 'Respond' section, select 'More' > 'Forward as attachment'.
  3. In the 'To' field, enter
  4. In the 'Subject' field, enter Suspected phishing email
  5. Select 'Send'. 

Outlook for Mac

  1. Select the email. 
  2. Select the 'Message' toolbar menu.
  3. Select 'Forward as attachment'.
  4. In the 'To' field, enter
  5. In the 'Subject' field, enter Suspected phishing email
  6. Select 'Send'. 

Outlook Web App

  1. Select 'New' from the top menu. 
  2. Hover over the phishing email in your inbox and drag it into the new email. 
  3. In the 'To' field, enter
  4. In the 'Subject' field, enter Suspected phishing email
  5. Select 'Send'. 

If you receive a suspicious email that is unrelated to UQ, submit the details through Report a scam.

Top of page

We're here to help

Before contacting us, try browsing or searching for common questions.