Cyber security

Protecting yourself from cyber scams

Scammers use tactics to take advantage of common activities relating to you heading off to university, such as looking for an apartment, applying for a visa, signing up for utilities, or getting a new credit card.

They may contact you via email ('phishing'), SMS ('smishing'), phone call ('vishing') or even your socials. They may pretend to be from the university, the government, tax department, police, immigration, foreign embassy, or your bank, to discuss your recent activity. 

They try to convince you to act, often with urgency so you will give your private information and/or access to bank accounts.

Suspicious behaviour to look out for

The best way to beat scammers is to know how to recognise a scam. Be alert and on the lookout for suspicious behaviour, including:

  • Being asked for personal information such as a password, credit card number, access to your computer, or official documentation.
  • Receiving an ‘urgent’ text message, email or phone call with a fake emergency or threats of legal action.
  • Communication that states you owe money or need to make a payment, even by using gift cards.
  • A call, email or text from someone pretending to be from a known organisation.
  • Any communication with bad spelling, an unusual sender name or email address.

What to do if you receive something suspicious

The best response is to not engage.

  • Never respond to requests for personal information via email from legitimate organisations. Do not reply, click on links or images, or open any attachments. Check the sender’s email address for additional/unknown characters.
  • If you answer a phone call and you’re suspicious, hang up immediately.
  • Take a screen shot and delete any text messages.
  • If the messenger is claiming to be from a known organisation, check the contact details on their official website, or call them to ask if they sent any communications.
  • Get a second opinion from a friend or family member.

What to do if you've been scammed

Being the target of a scam can be incredibly distressing. We can help you get through this.

  • If there is an immediate threat to life or risk of harm, call 000.
  • If you receive phishing or junk email in your UWA inbox, use the Report Message button to flag the message with UWA’s Cyber Security team. This will help protect others from the same scam.
  • Contact your bank immediately. They may request a police report to investigate which you can submit at ReportCyber.
  • Reset any potentially compromised accounts (online banking, MyGov, UWA login, email accounts, social media, etc.)
  • Secure your device by scanning your computer and removing any devious programs.
  • If you’re an international student, contact our International Student Support team for support and advice.
  • Inform family and friends.
  • Seek support from Australia's IDCare who provide free advice and steps to take for affected individuals.
  • Report the scam to Scamwatch.
  • How do you know if you've been hacked?

    Some of the warning signs that you might have been hacked include:

    • You are signed out of your online accounts (social media, email, online banking, etc.), or you try to login and discover your passwords no longer work.
    • You receive emails or text messages about login attempts, password resets, or multi-factor authentication (MFA) codes that you didn’t request.
    • You notice strange emails in your 'Sent' folder.
    • You receive more spam emails — especially ones that specifically threaten or try to extort you.
    • Friends or family members tell you they’ve received strange messages from your email or social media accounts.
    • You receive a data breach notification from a company or service that you use.
    • You suddenly receive pop-ups that claim your device is infected with a virus.
    • Your devices slow down, heat up, or start to crash more often.
    • You notice browser plugins, add-ons, or toolbars that you didn’t install.
    • You get redirected to unwanted websites, or they open automatically behind your browser window.
    • Your cursor starts moving by itself — when you haven’t touched the mouse or trackpad.
    • There are suspicious charges on your credit card or bank statements.
    • Your web camera light is on, even when you’re not using it for video calls or recordings.
    • Your antivirus software is disabled when you haven’t changed anything.
    • Google “Have I Been Pwned” and check if your email has been involved in known data breaches. If so, change the password of all the accounts affected.
  • Protect yourself from social media dangers

    Assume all your posts are public

    Even if you choose the highest security settings, anyone you are connected to can share your content with anyone they are connected to. Your posts may stay out there forever even if you change your mind and want to delete them. If you are employed, your employer may have a social media policy that you also need to comply with.

    Watch out for fake friend requests

    It's best not to accept friend requests from anyone you don't know personally. If you accept a friend request from a fake profile set up by a hacker, they can not only see everything you upload to your social media, but they can also download your photos and information and set up a fake account using your name and sending requests out to all your friends.

    Report cyberbullying

    Cyberbullying includes the use of social media, instant messaging, texts, websites and other online platforms to send abusive or hurtful texts, emails, posts, images or videos; spread nasty gossip or rumours online; or impersonate someone online or use their log-in; creating hate sites or implementing social exclusion campaigns on social networking sites.

  • Protect your accounts and passwords

    Enable Multi-Factor Authentication (MFA)

    MFA is a security measure that verifies your identity by requiring multiple proofs of identity to grant you access. Rather than just asking for a username and password, MFA requires additional credentials, such as a code from your phone. It helps keep your account safe even when your password gets stolen.

    Follow these steps to set up MFA for your UWA account.

    Do not share your passwords

    Sharing your password puts your physical and digital security at risk because it allows others access to all your personal information and provides them with the power perform prohibited activity.

    At UWA, it's against the Acceptable Use of IT Policy to share your university passwords with anyone.

    Use password managers

    A password manager is a browser add-in or app that stores your passwords, so you don't need to remember them. Once you've logged into the password manager using a 'master' password, it will generate and remember passwords for all your online accounts. It allows you to use strong, unique passwords that are difficult to hack (and remember).

    UWA has partnered with LastPass, a password manager to help you create, store and manage passwords for your accounts. You can create your own LastPass account for free using your UWA student email as LastPass username. Note that these accounts are not managed by the University.

Information and support


Being the target of a scam can be incredibly distressing. We can help you get through this. Seek support and advice at UWA.

  • Drop into The Living Room for a chat and get support if you’re stressed or upset.
  • Access our mental health and wellbeing services
  • For international students, reach out to the International Student Support team at [email protected]
  • For more information and handy cyber security tips, visit the University IT’s cyber security website.

External to UWA

There are Australian government departments who provide guidance on identifying and responding to scams.

Cookies help us improve your website experience.
By using our website, you agree to our use of cookies.