The University’s IT support staff will never ask for your password, and you should never provide your University (or any other) password in an email.

The IT Assurance and Cyber Security Office Phish Bowl page has information about any scam or phishing emails recently received by University of Otago email accounts.


Spam is email that:

  • Is not welcome or relevant
  • Is sent to many people
  • Often tries to sell you something

The majority of the spam sent to University of Otago domains is intercepted by the University's anti-spam systems and forwarded to your Junk or Spam folder. You can often easily recognise spam without even opening an email by reading the message’s subject header.

If the occasional spam email appears in your mailbox you don’t need to do anything, just delete the email. However, you should contact AskOtago if:

  • A large number of spam emails arrives in your Inbox instead of being sent to your Junk or Spam folder
  • You think that your email account has been hijacked to send spam to people in your address book
  • You think that your email address is being used to send spam

There are different types of spam, and while most spam emails won’t harm your computer, they may contain links or attachments which do. If you are unsure if an email is legitimate, or whether a link or attachment is safe to click on, you can contact AskOtago for further advice.

Freephone 0800 80 80 98 (within New Zealand)
Tel +64 3 479 7000

Some spam emails may ask for personal information such as usernames and passwords or bank details, or may even contain a threatening request for a payment. If you receive such an email, please report this to AskOtago and provide the full headers of the suspicious email in your email to them. The full header contains information about the path an email took as it crossed mail servers, so is used by ITS for tracking and troubleshooting.

Forwarding an email with full headers

Phishing and spear phishing emails

Phishing emails are those which attempt to:

  • Access your email account or bank details for fraudulent or illegal purpose
  • Elicit private information, such as usernames and passwords, credit card numbers, or home addresses

They may:

  • Ask you to visit a website via a link
  • Contain basic spelling or grammatical errors (but still look like an official email)
  • Sound threatening or urgent

Spear phishing emails are specifically directed to an organisation (e.g. the University of Otago), and often claim to be from local IT support staff, or a senior staff member. A common example of this is the emails requesting the recipient purchase iTunes vouchers for the sender.

The IT Assurance and Cyber Security Office blog has more information about identifying phishing emails and current phishing and scam emails targeting Otago:

Current phishing emails
Detecting Phishing Emails

If you receive a phishing email that appears to come from the University of Otago, don't open any attachments or click on any links. Report it to AskOtago along with the email’s full headers.

Last updated 09/11/2021 01.30 PM

Did this answer your question?