ANU still a target for phishing

An update from our Cyber Sense team
25 June 2021

ANU continues to be a target of opportunity for phishing attacks. Over the past week we have had many members of our community targeted by cyber threat actors seeking to compromise our people and systems. 

We need all ANU community members to be extra vigilant.

Attackers are attempting to socially engineer ANU personnel into divulging username and passwords. A common phishing approach is sending victims an email claiming to be a file (say an invoice) that needs to be viewed and actioned. Invoice themed phishing emails are common as we approach the end of the financial year.

A recent example of a phishing email directed at us is illustrated below:

When a victim clicks on the button or link to view the document, they will be shown a log screen, and asked to log in with their ANU credentials. If a victim has provided their email and password here, they have been compromised.

Ways to detect and avoid the phish?

  • Be vigilant and engage your healthy sceptical Cyber Sense
  • Examine all links and file downloads carefully before clicking on them
    • Hover your mouse over the link and check that it matched where the claimed file is – there is often a mismatch between where the file claims to coming from (Office 365) and where the link points you to (,, etc.)
  • If prompted for your username and password after clicking on a link/attachment – check the login screen very closely.
    • Check the web address - verify it is coming from a trusted or address
  • If an email is unexpected or unusual, especially from a colleague, check with them via phone if the email is legitimate.
    • Several phishing attacks have been identified and contained through users checking and reporting on suspicious activity.

What to do if I clicked and gave my details?

If you have received an email like this and entered your username/email and password when prompted:

  1. Change your password IMMEDIATELY at – on another device from the one you clicked on the link.
  2. Report via email to – include details of how you were compromise and indicate that you have changed your password.
  3. Await further instructions.

If you receive an email you suspect is phishing, please do the following:

  1. Do not click on any links, buttons or images within the suspect email;
  2. Do not reply to the suspect email;
  3. Forward the suspect email to;
  4. Report the email to; and
  5. Delete the email from your inbox.

Support and more information

The Cyber Sense website has links to a training module on how to identify phishing more generally.

Further phishing information can be found at:‐technology/it‐security/phishing

With your cyber sense and resilience, we can contain and clean‐up phishing attacks promptly and continue our community’s ability to live safely online.

If you have any questions related to phishing please visit the Service Now Knowledge Base, the Cyber Sense website or email