The University’s IT support staff will never ask for your password, and you should never provide your University (or any other) password in an email.

The IT Assurance and Cyber Security Office Phish Bowl page has information about any scam or phishing emails recently received by University of Otago email accounts.


Spam is email that:

  • Is sent to many people
  • Is not welcome or relevant
  • Often tries to sell you something

The majority of the spam sent to University of Otago domains is intercepted by the University's anti-spam systems and forwarded to your Junk or Spam folder. You can often easily recognise spam without even opening an email by reading the message’s subject header.

If the occasional spam email appears in your mailbox you don’t need to do anything, just delete the email. However, you should contact AskOtago if:

  • A large number of spam emails arrives in your Inbox instead of being sent to your Junk or Spam folder
  • You think that your email address is being used to send spam
  • You think that your email account has been hijacked to send spam to people in your address book

There are different types of spam, and while most spam emails won’t harm your computer, they may contain links or attachments which do. If you are unsure if an email is legitimate, or whether a link or attachment is safe to click on, you can contact AskOtago for further advice.

Freephone 0800 80 80 98 (within New Zealand)
Tel +64 3 479 7000

Some spam emails may ask for personal information such as usernames and passwords or bank details, or may even contain a threatening request for a payment. If you receive such an email, please report this to AskOtago and provide the full headers of the suspicious email in your email to them. The full header contains information about the path an email took as it crossed mail servers, so is used by ITS for tracking and troubleshooting.

Forwarding an email with full headers

Phishing and spear phishing emails

Phishing emails are those which attempt to:

  • Elicit private information, such as usernames and passwords, credit card numbers, or home addresses
  • Access your email account or bank details for fraudulent or illegal purpose

They may:

  • Ask you to visit a website via a link
  • Sound threatening or urgent
  • Contain basic spelling or grammatical errors (but still look like an official email)

Spear phishing emails are specifically directed to an organisation (e.g. the University of Otago), and often claim to be from local IT support staff, or a senior staff member. A common example of this is the emails requesting the recipient purchase iTunes vouchers for the sender.

The IT Assurance and Cyber Security Office blog has more information about identifying phishing emails and current phishing and scam emails targeting Otago:

If you receive a phishing email that appears to come from the University of Otago, don't open any attachments or click on any links. Report it to AskOtago along with the email’s full headers.

Last updated 09/08/2021 02.30 PM

Did this answer your question?