The IT Assurance and Cyber Security Office "Phish Bowl" page has information about any scam or phishing emails recently received by University of Otago email accounts:

Phish Bowl


Spam is email that:

  • Is sent to many people
  • Is not welcome or relevant
  • Often tries to sell you something

The majority of the spam sent to University of Otago domains is intercepted by the University's anti-spam systems and forwarded to your Junk or Spam folder. You can often easily recognise spam without even opening an email by reading the message’s subject header.

Spam won’t harm your computer, unless you receive so much spam that it fills up your email quota, but:

  • The spam email may contain a link to a website that could harm your computer
  • If the spam email has an attachment containing a virus it will pose a risk to your computer

You can protect your computer by being wary of attachments and links in emails, especially emails that look like spam.

If the occasional spam email appears in your mailbox you don’t need to do anything, just delete the email. However if:

  • A large number of spam emails arrives in your Inbox instead of being sent to your Junk or Spam folder
  • You think that your email address is being used to send spam, or
  • You think that your email account has been hijacked to send spam to people in your address book

you should report this to AskOtago:

Tel +64 3 479 7000 or 0800 80 80 98

Phishing email

Phishing email is a type of spam email that:

  • Seeks to elicit private information, such as usernames and passwords, credit card numbers, or home addresses
  • Aims to access your email account or bank details for fraudulent or illegal purposes

Spear phishing email

"Spear" phishing emails (so-called because they are targeted at particular companies/individuals):

  • Are specifically directed to an organisation (e.g. the University of Otago) usually claiming to be from local IT support staff
  • Ask people to reconfirm login details, including passwords (please note that the University's IT support staff will NEVER ask for your password)
  • Might ask you to visit a website via a link
  • May sound threatening or urgent
  • Can have basic grammar or spelling errors but also appear like a legitimate official email

The IT Assurance and Cyber Security Office blog has more information about identifying phishing emails:

Detecting Phishing Emails

If you receive any phishing emails, don't open any attachments or click on any links. See the related answer for what you need to do:

Spear phishing emails

Last updated 28/04/2020 04.28 PM

Did this answer your question?