Back to Email phishing

Email phishing

Email phishing attack at Australian Catholic University reveals employee details


On June 17, 2019, Australian Catholic University (ACU) revealed that personal details of its employees were breached in an email phishing attack. The exposed information included names, addresses, dates of birth, phone numbers, personal email addresses, emergency contact details, tax file numbers, payroll information, bank account details, and passport details. The number of affected accounts is still unknown.

What happened.

A phishing email sent to ACU employees contained a link to a fake ACU login page that allowed attackers to harvest employee credentials. Once the incident was discovered, ACU immediately notified the Tertiary Education Quality and Standards Agency (TEQSA), the Office of the Australian Information Commissioner (OAIC), and the Australian Cybercrime Online Reporting Network (ACORN).

ACU also notified the affected individuals of the breach and enforced password resets. Apart from implementing additional security measures, ACU has also taken steps to educate the employees on cybersecurity. Earlier this month, the Australian National University suffered a similar data breach where 19 years of data was accessed.

Attackers use techniques like phishing, brute force, and credential stuffing attacks to gain access to email accounts. A smart tool like Exchange Reporter Plus enables organizations to stay ahead of attackers by monitoring for and thwarting email-bound cybersecurity threats. Download a free, 60-day trial of Exchange Reporter Plus today.

How ManageEngine can help

Exchange Reporter Plus provides a host of reports that can help you locate suspicious emails, both sent and received, based on keywords in the subject line and body text. Often times, these malicious emails appear to be valid, tricking users into opening the emails and clicking on the dangerous links embedded in them.

With Exchange Reporter Plus, you can locate emails based on:

  • Messages by subject keyword. Use reports to identify particular keywords in the email subject lines.
  • Messages by body keyword. Identify all the messages in your mailbox that have a particular keyword in the body of the email.
  • Attachment name. Receive a report of all emails in your mailbox that have an attachment with a specific name. If you know the names of the malicious files, you can take the necessary steps to stop email-bound threats.
  • Attachment type. Spot malicious software based on an attachment’s file extension. (Most malware comes in EXE format.)
  • Non-owner mailbox access. Obtain reports on all users who gained excessive rights to access other user mailboxes.
  • The number of emails received from a specific domain, sender, department, or external email address. Receive reports on all incoming emails from an external email address, a blacklisted sender or domain, or a specific department.
  • Messages by subject keyword
    Messages by body keyword
    Attachments by file name keyword
    Attachments by file extension keyword

Explore more features in Exchange Reporter Plus, and gain granular insights into your Exchange environment.

If you are using Exchange Online in your environment, M365 Manager Plus offers an advanced Microsoft 365 mailbox content search capability that identifies phishing emails by analyzing internet message headers, subject lines, attachments, and bodies of emails. With this feature, you can identify the sender's email address, the device and OS used to compose the email, and the servers the email passed through.

Start your free, 30-day trial of M365 Manager Plus today to try out all these features.


Stay In The Know

Thank you

You will receive weekly cybersecurity news soon!

  • Please enter a business email id
    By clicking 'I'm Interested', you agree to processing of personal data according to the Privacy Policy.

2022 Zoho Corporation Pvt. Ltd. All rights reserved.