It's important to be aware of email security and scams to ensure your identity and UQ's data and systems remain safe.

Email security

UQ uses a cloud-based security system called Mimecast to automatically detect suspicious emails.

If Mimecast detects a suspicious email – whether incoming or outgoing – it will filter the email and then send you an email notification.

This email notification is called a digest. A digest gives you three options:

  1. Release: You can release the email and have it delivered to your inbox. Further emails from the sender will still need to pass all checks before they are delivered to your inbox.
  2. Block: You can remove the email from the hold queue and block its delivery to your inbox. Further emails from this sender will be blocked.
  3. Permit: You can release the email and have it delivered to your inbox. Further emails from the sender will bypass all spam checks, but will still need to pass virus scanning, content, and attachment policies before they are delivered to your inbox.

You will need to select one option for each email listed in the digest. If no action is taken, emails will expire from the hold queue after two weeks.

View an image of a digest

Watch: How to use a digest

Email scams

Most email scams try to lure you into clicking a link, opening an attachment, downloading a file or entering account information.

If you do any of these things, a scammer can steal sensitive or confidential information, and your computer and UQ's systems can be compromised.

There are two main threats in email scams:

  • phishing
  • malware.

Phishing

Phishing is a form of fraud used by scammers to steal personal, work or UQ information.

Phishing emails are designed to look like legitimate emails from reputable organisations and people you trust. They may appear to be from another university, your bank, a government department or even UQ. Scammers often copy the design, branding and logo of the organisation they claim to be from.

Phishing emails try to get you to click a link, open an attachment, download a file or enter your account information, so they can steal your data or infect your computer with malware.

Malware

Malware is used by scammers to infect your computer with malicious software.

There are many different types of malware, but they are all designed to damage or seize control of your computer, and steal your data or UQ's data.

If you open an attachment or link, or download a file from a fake email or website, you might infect your computer with malware.

Ransomware is a type of malware that locks your computer. A scammer then demands money to unlock your computer.

If you pay the scammer, there is no guarantee your computer will be unlocked.

Recognising an email scam

Look out for these warning signs to help identify an email scam:

  • you're asked to enter personal information, open an attachment or link, or download a file
  • you're told you need to do something urgently
  • the email is worded strangely with poor spelling and grammar
  • the email has been sent from an unusual address or includes unusual 'Reply-To' addresses
  • the email is unpersonalised or unexpected.

If you think you may have received a phishing email, make sure you:

  • don't open any links or attachments
  • don't enter any personal or account information
  • don't use any embedded forms in the email
  • report the email.

Reporting an email scam

It you receive a suspicious email that asks for your UQ account username or password, submit an IT request as soon as possible.

If you have responded to the phishing email, your account may be temporarily locked. If your account is locked, submit an IT request.

If you receive a suspicious email that is unrelated to UQ, submit the details through Report a scam.

We're here to help

Before contacting us, try browsing or searching for common questions.

Students
Submit an IT request

Staff
Submit an IT request