21 November 2014

Alert Priority High

Phishing attacks posing as emails from your company’s IT helpdesk are becoming increasingly common. These attacks attempt to gather your information for identity theft purposes and can also spread malware.

You should ensure that emails claiming to be from your IT helpdesk are legitimate before responding with information about your identity or your computer.

Indicators of IT helpdesk phishing emails

Signs of potentially fake emails include:

  • the sender address of the email should be from an expected or known IT helpdesk address in your company
  • emails that do not specify your company’s name, instead use generic terms such as ‘IT helpdesk’
  • incorrect company branding, for example, the wrong text, font or colour
  • a sense of urgency, using language such as ‘immediate downtime’ or ‘act immediately’
  • requests to install software onto your computer
  • requests for a password.

Poor use of language, spelling mistakes or incorrect grammar can also indicate the email is phishing. The following is an example of a recent IT helpdesk phishing email:

Good morning,

We will be performing emergency maintenance on our network equipment.

Anticipated downtime will be approximately 60 minutes. This will affect both internet access and phone service.

Click on the below link and follow the instructions


We apologize for the inconvenience.
Thank you,
Help Desk
All Rights Reserved © 2014

This message attempts to send you to a website where identifying information is requested. Such information can be used to steal your identity or target your computer.

Other examples of phishing attacks such as these have attempted to spread malware in two possible ways.

The email could ask you to install software on your computer. Any requests such as this, to install software from the internet, should be considered suspicious. Most IT helpdesks will have systems in place for installing software on users computers.

The email could direct you to a website and attempt to install software without your knowledge. This is known as a drive-by-download and can happen simply by clicking the link in the email and visiting the website.

To stay safe, it is important that you do not click links in phishing emails or reply to the sender if you do not know them.

Information for IT helpdesks

IT helpdesks can also help stop users in their company from being attacked in this way. IT departments should ensure that clear procedures for safe communication with staff are in place and being used. These procedures may include:

  • updating email filters to stop phishing emails from being delivered to people’s inboxes
  • using a standardised format for sending helpdesk requests
  • employing a system to allow people to verify requests from outside their email. A commonly used example is the helpdesk ticketing system
  • including basic company information in helpdesk requests, such as the name of the company
  • sending all helpdesk requests from a single email address, such as helpdesk [at] company.com.au
  • ensure that staff are aware of IT requirements with plenty of notice. Limit the number of urgent requests made of staff
  • do not ask for unnecessary information in emails, and never require the user to provide their password.

It is important to ensure that staff are aware of basic rules for helpdesk requests. This allows staff to spot fake IT Helpdesk emails more easily.

More information

Stay Smart Online contains more information on phishing for both home users and businesses.

You can also report spam and phishing to ACMA.

Information provided by the Internet Commerce Security Laboratory (ICSL)

The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.


Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.


This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.

This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.

The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.

Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.

Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.


Facebook: www.facebook.com/staysmartonline
Email: staysmartonline [at] communications.gov.au
Web: www.staysmartonline.gov.au
You are receiving this message at the address [Email].
Update your profile preferences
If you no longer wish to receive this information, you can unsubscribe.

© 2013 Australian Government. All rights reserved

Connect with Stay Smart Online