Spam and phishing

Spam is the practice of sending unwanted email messages, in large quantities, to an indiscriminate set of recipients. Some spam can also include malware or viruses that are loaded onto your computer without your knowledge. UCT manages spam for all email addresses by using Mimecast, which holds onto suspected spam messages so that you can review them and either block or allow them into your mailbox. Office 365 offers online spam protection for addresses.

Phishing is an attempt to get you to hand over personal or confidential information to a criminal. The requests may seem legitimate and may be perpetrated by phone, email or via the internet. ICTS provides you with information on how to recognise phishing messages and we encourage you to report them as soon you encounter them.


How does UCT manage spam?

Within seconds of being received by the UCT mail gateways, email messages pass through a number of security checks before being delivered to your mailbox. This is to prevent as much spam as possible from coming into the organisation.

UCT has to deal aggressively with spam because higher education institutions are one of the most spammed sectors in the world. However, sometimes these aggressive spam controls prevent legitimate messages from getting through to your mailbox. There are a number of reasons that this happens, but to help you retrieve those messages UCT has enlisted the services of the Mimecast online email management tool for all UCT email addresses. The Mimecast service is only available for email addresses (i.e. UCT staff, third parties and postgraduate students).

Can I decide what is and isn’t spam?

If the Mimecast tool suspects that a message is spam, instead of removing it from the system, you will receive an email telling you that a message has been placed in the Mimecast On Hold queue. This gives you the opportunity to either ReleaseBlock orPermit the message.

  • Release: allows the message to be delivered to your mailbox, but does not automatically allow any other messages from the same sender to reach you.
  • Block: rejects the message and blocks this sender from sending emails to you in future.
  • Permit: delivers the message to your mailbox and you allows this sender to email you in future.

You will only receive an email if there are spam messages in your Personal On Hold queue. Hopefully over time you will receive less and less spam as the system "learns" what you do and don't allow through.


What to do if you suspect a phishing attempt or fall victim to one

If you receive a suspicious email in your UCT email account asking you to click on a link, or requesting your personal information:

  • DO NOT follow the message's instructions.
  • DO NOT forward the message to anyone else.

Instead, send the message to the IT Helpdesk ( for investigation.

You will need to send a copy of the original email or the header information in the original email.

Steps to follow if you have a myUCT email address

  1. Navigate to and log on with your UCT student number and password.

  2. On the selected email, navigate to and click on the ellipse to access More actions
  1. From the More actions fly-out menu, select View message details
  1. Select all of the message content and copy this into a new email address to

Instructions to follow if using the Outlook desktop client

  1. Double-click the email message to open it.
  2. Click File in the top left corner > Save as.
  3. Select a location to save the email and click Save.

Send the saved file as an attachment to

    NOTE: This reporting process applies only to your UCT email account. If you receive phishing attempts in non-UCT email accounts (e.g. Gmail), please follow the process specified by that email service provider. This can usually be found in the service provider's Help or Support pages and will help your service provider to minimise future phishing attempts to that email account.

    2. Change your password

    If you responded to a phishing attempt and handed over your password and username you need to change your password immediately via Password Self-Service on a device that you know to be free of malware and infection.
    If you responded to a message that requested your username and password for external services (such as Facebook, LinkedIn, etc), immediately log in to the relevant website and change your password.

    3. Follow up with external service providers

    If the phishing attempt relates to an external service provider - such as your bank:

    1. Contact the service provider and inform them that your account or information has been compromised.
    2. Let them know that someone has been impersonating their business (i.e. report the matter to them).
    3. Ask them to recommend the most secure methods to conduct your business with them. For example, many banks provide alternate accounts for online or telephone purchases. These special accounts limit the risk to a specific amount or transaction.