It's important to be aware of email security and scams to ensure your identity and UQ's data and systems remain safe.

Email security

The security of your email account is your responsibility. You should keep up to date with how to recognise the types of scams detailed on this page and learn how protect yourself from malicious emails. If you are a staff member, you can take control of your account security using Outlook.

Email scams

Most email scams try to lure you into clicking a link, opening an attachment, downloading a file or entering account information.

If you do any of these things, a scammer can steal sensitive or confidential information, and your computer and UQ's systems can be compromised.

There are two main threats in email scams:

  • phishing
  • malware.


Phishing is a form of fraud used by scammers to steal personal, work or UQ information.

Phishing emails are designed to look like legitimate emails from reputable organisations and people you trust. They may appear to be from another university, your bank, a government department or even UQ. Scammers often copy the design, branding and logo of the organisation they claim to be from.

Phishing emails try to get you to click a link, open an attachment, download a file or enter your account information, so they can steal your data or infect your computer with malware.


Malware is used by scammers to infect your computer with malicious software.

There are many different types of malware, but they are all designed to damage or seize control of your computer, and steal your data or UQ's data.

If you open an attachment or link, or download a file from a fake email or website, you might infect your computer with malware.

Ransomware is a type of malware that locks your computer. A scammer then demands money to unlock your computer.

If you pay the scammer, there is no guarantee your computer will be unlocked.

Recognising an email scam

Look out for these warning signs to help identify an email scam:

  • you're asked to enter personal information, open an attachment or link, or download a file
  • you're told you need to do something urgently
  • the email is worded strangely with poor spelling and grammar
  • the email has been sent from an unusual address or includes unusual 'Reply-To' addresses
  • the email is unpersonalised or unexpected.

If you think you may have received a phishing email, make sure you:

  • don't open any links or attachments
  • don't enter any personal or account information
  • don't use any embedded forms in the email
  • report the email.

Reporting an email scam

It you receive a suspicious email that asks for your UQ account username or password, submit an IT request as soon as possible.

If you have responded to the phishing email, your account may be temporarily locked. If your account is locked, submit an IT request.

If you receive a suspicious email that is unrelated to UQ, submit the details through Report a scam.

We're here to help

Before contacting us, try browsing or searching for common questions.