Phishing awareness: avoid fake emails and scams

Be aware of the latest phishing emails linking to fake copies of an official page, such as SharePoint, which ask for payment via gift cards or online vouchers.

News story
Published on Tuesday 26 May 2026
Last updated on Tuesday 26 May 2026
View more announcements in Communications

We’ve recently seen a scam email circulating that may appear especially convincing, as it was sent from an internal email account that had been compromised. Because the message came from a trusted source within the organisation, it may not immediately raise suspicion. The emails claims to be from an individual offering valuable items (such as laptops, gaming consoles, and musical instruments) to staff and students for free, with only a shipping cost to be paid.

While this might seem like a genuine opportunity, it is not legitimate. This type of message is designed to trick recipients into making payments or sharing personal information.

Although the sender may look familiar, there are still clear warning signs. The offer itself is unrealistic, promising expensive items at no cost. It directs you to respond via a personal email account rather than an official organisational address. It also creates a sense of urgency, encouraging quick action, and introduces a vague “shipping fee” as the only requirement.

It’s important to remember that even emails from known or internal accounts can be unsafe if that account has been compromised. Always take a moment to question unexpected messages, particularly those involving money or unusually generous offers.

If you receive a message like this, do not respond or engage with the sender. Do not send any money or gift cards, or share any personal information. Instead, follow the guidance on how to report it so it can be investigated, and then delete it.

If something feels too good to be true, it almost always is. Even when it appears to come from someone you know, it’s worth pausing to verify before taking any action.

Many recent scams ask you to transfer money via a gift card, which they use because they're untraceable and work just like cash once the codes are shared.

You should never pay for items or bills with gift cards. If someone asks you to buy a specific type of gift card (such as Apple, Amazon, or Google Play) and asks for the code, stop responding immediately. Follow the guidance on contacting your bank.

Read more about identifying phishing emails including how to check the 'from' address.