Information and Communication Technology

Recent PHISHING Fraud

Warning! Recently fraudsters have tried to steal personal information by pretending to be a KWS staff member using an email that appears to be from an official KWS email account. This is known as phishing.

Spear phishing (or Whaling) definition: the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information; release funds; redirect funds; or take an action that could compromise an individual, group or an organisation.

Some signs that an email you have received is not authentic:

• No name in salutation .. "Hi,"  rather than "Hi Jane".
• Some typos and/or punctuation issues.
• Clumsy language (not quite legit, even though emails sometimes contain typos).
• Time pressure "Can I have my new banking information sent to you right away for the change."
• It is from an external non-KWS email address, e.g. is a Canadian email address such as mailto:soniacargan01@gileadcanada.ca” but has the email name of a member of staff; another example might be that the email seems to come from "Dr Andrew Parry" but is actually from "ceo@ced-md.co.uk". You can check this by hovering your mouse pointer over the top of the email address (without clicking).
• The original email was time stamped at an unusual time or date.
• Unusual signature/disclaimer - the KWS email disclaimer is attached, but not the staff member's email signature. Personal emails do not have the KWS email disclaimer nor do they have a KWS email signature.

To reassure you...

KWS have raised awareness amongst staff about recent email extortion attempts and phishing attacks.  KWS will only acknowledge internal KWS emails as the official email channel for internal KWS matters.  KWS will not change your details unless it is in writing from your nominated email account. Please disregard any email communication pretending to be from a KWS staff member if the email address does not have the correct domain - the official emails end in @kws.nsw.edu.au for staff or @student.kws.nsw.edu.au for students.

What to do if you receive a phishing email attack:

• Mark the email as SPAM/Inappropriate (right click to mark as SPAM).
• Report the attack via https://www.scamwatch.gov.au/types-of-scams/attempts-to-gain-your-personal-information/phishing
• If the email has a bank account BSB and Account number, call the bank and report it.
• Delete the email.
• Scan your computer for Malware.
• If you are unsure on any suspicious emails please seek advice from Director of Information Services, Darryn Marjoram or other trusted ICT advisor.

Mr Darryn Marjoram

Director Information Services, ICT