Email Security and Safe Practices

Unauthorised access to an email account is the most common way to steal personal information.

If ever in doubt about an email you have received, please contact IT so we can verify its authenticity. If you think your email account or contact list is compromised, let your colleagues know to prevent further attacks or compromises.

Please be aware IT does not send emails relating to password expiry, reset options or confirmation.

What does IT do about Email Security?

Mimecast SPAM filtering applies to all emails sent from external contacts to prevent phishing attacks on our system. Email attachments and URLs scanned and found to have any threats are quarantined. Mimecast identifies these quarantined emails as suspicious and requires further action before being delivered to your inbox. Quarantined emails show in your inbox under Postmaster.

How to Identify unwanted emails?

Tips to help you recognise them:

  • Request personal information or money
  • Encourage you to click on links or attachments
  • A sense of urgency, such as “urgent action required!”
  • The message contains poor grammar and spelling
  • There are no contact details, or the signature is generic
  • Sent from a person or company you haven’t contacted before
  • The sender's name does not match their sending address
  • If the email appears to be from a known sender but seems unusual or asks you something you would not normally do (purchase an item or verify personal information)
  • Talks about a virus warning

How can I avoid unwanted emails?

Now you know what unwanted emails may look like, take these extra steps to avoid them at work and home.

  • Don’t use your university email to sign up for online accounts
  • Keep separate email accounts for personal and business use
  • Use our SPAM filter to block known unsafe senders and organisations
  • Delete spam messages without opening them

Other steps you can take at home

  • Before using your email address online, read the website privacy policy, so you know how they may use the personal information you provide.
  • When you sign up for an online account or service, be aware of options to receive emails about other products and services.
  • Use separate email accounts where possible when signing up or filling in online forms

Sign up and stay informed on the latest threats at
Keep informed on the latest scams on Scamwatch at

Types of SPAM and Phishing Emails

  • Phishing bulk emails sent to multiple people (untargeted) asking for personal or sensitive information. They encourage you to open an attachment or visit a fake website.
  • Spear phishing a sophisticated form of phishing; the email is targeted at specific individuals or their position and is designed to look like it's from a person the recipient knows and trusts.
  • SPAM unsolicited email sent in bulk to multiple people or an organisation (untargeted) most commonly in the form of advertising.
  • Ransomware embedded in links or attachments in emails, highly damaging form of malware it can encrypt and lock your files preventing access. Recovery costs can be significant for an individual or organisation.

Video: Learn tips & tricks to protect your account against unwanted access from phishing and email scams.

You have 1 New Message

We take many steps and practices to filter out unwanted emails from our systems; however, some can still make it through. Think twice before opening or replying to these types of emails:

  • The sender is unknown, or you don’t usually receive emails from them
  • Be suspicious of messages that aren’t addressed directly to you, or don’t use your correct name
  • Don’t reply to or forward chain letters to colleagues
  • Think before clicking on links or opening any attachments, even if you know the sender
  • If you're not sure, contact the person or business to check if they sent the message. Use known contact details when doing this
  • Hover over a link to see if the web address is legitimate
  • Search the company or link in Google to confirm it is genuine
  • It is unlikely your financial institution and other large organisations (such as Amazon, PayPal, Google, Apple, Facebook) would send you a link and ask you to enter your personal or financial details using email

What do I do if I click on a link?

If ever in doubt about an email you have received, please contact IT so they can verify its authenticity. If you think your email account or contact list is compromised, let your colleagues know to prevent further attacks or compromises to accounts.

Send the following details to your IT Service Desk

  • Sender name or address
  • Email details
  • Time opened
  • If you have already reset your password

If your account becomes compromised, our system flags your account, and as a security precaution, disables it until IT is contacted and your details updated.

What’s in the Attachment?

Messages sent and received are scanned for any viruses or possible threats found in their attachment. If a possible threat is found, the message is quarantined and the attachment blocked or removed.

Checking the file extension of an attachment can tell you if a message may be hiding its real purpose. If there is more than the extension mentioned (i.e. doc.text or vbs.script), the attachment may contain a threat.

Common files names can also be affected .doc (word), .rft (rich text format) and .xls (excel)

Our SPAM filters or an outside organisations system may block attachments with uncommon files extensions. Uncommon file extensions can include:

.Trojan .cmd .hta .mov .reg .shs .wsc
.avi .cnf .in .mp3 .scf .vbe .wsf
.bas .com .lnk .mpeg .scr .vbs .wsh
.bat .cpl .mhtml .mpg .sct .vsf .xnk
.chm .exe .mng .pif .shb .wmv

Minimise Attachment Blocking

Reduce the number of emails blocked because of their attachment:

  • Keep the filename short
  • Don’t add spaces in the title
  • Remove any special characters from the name
  • Use hyphens or underscores instead of spaces
  • Don’t include multiple file extensions i.e. Human_Anatomy.doc.vbs

The maximum size limit of an email (including the file attachment) is 30MB. Emails that exceed this limit are not delivered, and an undeliverable message is sent to your inbox.

Please note that some attachments are removed because of wording considered inappropriate. If you are receiving undeliverable messages or believe your attachment has dropped, please contact IT for further assistance.

Should I open it?

Avoid possible threats by taking the following precautions when opening emails with attachments.

  • If the attachments show with 0KB as the size
  • If there is text but no attachment when mentioned
  • If the message seems confusing or is poorly written
  • If the message contains wording like "You must take a look at this", or "I'm sending you this because I need your advice."
  • If the file contains any of the extensions above or double extensions

It is best to check with the sender to see if they knowingly sent the email/attachment in question.

Report SPAM or Unwanted Emails

It is crucial to report SPAM or any unwanted emails from any sender, whether they be external or internal. Our email filtering system blocks certain email services as they are targeted more frequently and can be blocked if they are known to send SPAM or malicious messages.

If you are unable to send or receive emails to your email or you receive unwanted messages, please send the following information to your IT Service Desk.

  • Sender name or address
  • Email service (iiNet, Telstra, Gmail)
  • Email details
  • Time opened
  • If you have already reset your password

Test your Knowledge

Take the Cisco Phishing quiz to test your knowledge.

Back to IT@ND: CyberSecurity