Smartphones, emails, and social media accounts are not exempt from phishing. Phishing refers to an attempt to retrieve confidential information such as usernames, passwords, credit card numbers and other important credentials, by using malicious emails and phone calls as well as other untrustworthy techniques. There are different types of phishing. The most common are scams, spams, spear phishing, links to other websites, generic text messages and emails.
What is a phishing attack?
- An email or text message that appears to be sent from a known contact or organization containing links to a malicious website set up to retrieve personal information;
- A phone call from a vendor officer claiming to work for a recognized company;
- An email message asking you to verify your account, re-enter information or make a payment;
- A spear phishing which is a customized email that appears to come from your organization including your name, your position, title, and other related information aimed to trick you. They usually contain attachments.
- Think before sharing – Whenever you receive an unknown phone call, a suspicious email or text message, avoid providing information related to your date of birth, your social assurance number, your bank account number and other sensitive information.
- Be wary when you receive emails, or phone calls asking you to press a number, click on a link or download files. Those actions might put yourself, the University and your files at risk.
- Look but don’t click – Hover the mouse over any link in the message and if it looks weird, type directly the address instead of clicking on it.
- Look at the signature – If it is an email or message that appears to be sent from the University or a known company, look at the signature. Missing details or misused information can help you detect a phishing attack.
- Report a suspicious email – Secure your account and the University email infrastructure by reporting any suspicious email.