Phishing is the act of attempting to maliciously acquire information such as usernames, passwords, and credit card details (and sometimes indirectly, money) by masquerading as a trustworthy entity in an email.

What does a phishing email look like?

Below is an example email which was sent to staff and students in an attempt to redirect University users to a fraudulent email login page used to maliciously capture passwords. The link opened a malicious website which was setup to look like the authentic Flinders email website to trick users into giving away their FAN and password.

phishing email example

What to do if you suspect you have received a phishing email

  • DO NOT click on any links in the email.
  • DO NOT supply any personal information of any kind as a result of the email.
  • DO NOT reply to the email or attempt to contact the senders in any way.
  • DO NOT open any attachments that arrive with the email.
  • FORWARD the phishing email sample to
  • DELETE the email from your computer as soon as possible.

What to do if you already clicked on a link

It is imperative that you act quickly to protect your Flinders University account.

How to avoid becoming a victim of a phishing scam

  • Delete any unsolicited email from an organisation (Flinders or otherwise) that asks you to provide sensitive personal information or account information.
  • Never click on a link in an email, always manually type website addresses into your browser/search engine instead.
  • Report all suspicious email to ITS Client Services.

Reporting Phishing email

To report a Phishing email, we ask that you use the Microsoft Junk Add-in that is available on University staff computers running Microsoft Outlook on Windows and from any computer using Outlook Web Access (OWA)OWA is available from your Okta dashboard.

When the Add-in is installed for Outlook, or when in OWA you will see a ‘Junk’ button in ribbon:



Outlook Web Access (OWA)


To report an email as Phishing:

  1. Highlight the email in your inbox (single click on the subject)
  2. Click the down arrow to the right of the Junk button
  3. Select the Report as Phishing option
  4. the email will be deleted from your inbox and a copy will be forwarded to Microsoft for analysis. Submitting samples in this manner helps Microsoft improve Phishing email detection.


Outlook Web Access (OWA)