Phishing: Typically, you receive an email that appears to come from a reputable organization such as a bank. The email includes what appears to be a link to the organization’s website. However, if you follow the link, you are connected to a replica of the website. Any details you enter, such as account numbers, PINs or passwords, can be stolen and used by the hackers.
Spear phishing: Unlike phishing, which involves mass emailing, spear phishing is small-scale and well-targeted. The hacker emails users in a single business. The emails may appear to come from another staff member at the same company and ask you to confirm a username and password. A common tactic is to pretend to be from a trusted department that might plausibly need such details, such as IT or Human Resources. Sometimes you are redirected to a bogus version of the company website.
You can avoid phishing attacks in several ways:
- uOttawa and other reputable organizations will never ask for your password, your SIN, etc. by email.
- Never reply to an email that asks you for this kind of information, and never click on any of the links in it.
- Clickable images are a favourite tactic in phishing attempts. You can hover over the image and check whether the website it links to is a trusted source.
- Delete the email from your INBOX and then empty it from your DELETED ITEMS folder to avoid accidentally accessing the websites it points to.
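
The hover check described above can also be done mechanically. The following added example (not part of the original page) parses an HTML email body and flags links whose visible text names one site while the real target is another, and clickable images that lead to an untrusted host; the trusted-domain list, the `audit` helper and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
TRUSTED = {"uottawa.ca"}  # assumption: domains this reader treats as trusted
DOMAIN = re.compile(r"((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
# Constructed sample message body, not a real phishing email.
SAMPLE_EMAIL = """
<a href="http://uottawa.ca.login.example.net/reset">https://www.uottawa.ca/reset</a>
<a href="http://tracker.example.org/c"><img src="banner.png" alt="uOttawa IT"></a>
<a href="https://www.uottawa.ca/it">IT help page</a>
"""

class LinkCollector(HTMLParser):
    """Collect each <a>: real target, visible text, and whether it wraps an image."""
    def __init__(self):
        super().__init__()
        self.links, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._cur = {"href": attrs["href"], "text": "", "image": False}
        elif tag == "img" and self._cur is not None:
            self._cur["image"] = True
    def handle_data(self, data):
        if self._cur is not None:
            self._cur["text"] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.links.append(self._cur)
            self._cur = None

def is_trusted(host):
    # The domain itself or a true subdomain; "uottawa.ca.login.example.net" fails.
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def audit(html):  # returns (href, reason) pairs for deceptive-looking links
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for link in collector.links:
        real = (urlparse(link["href"]).hostname or "").lower()
        if is_trusted(real):
            continue
        shown = DOMAIN.search(link["text"])
        if shown and shown.group(1).lower() != real:
            findings.append((link["href"], "text-mismatch"))
        elif link["image"]:
            findings.append((link["href"], "image-untrusted"))
    return findings
```

Only the two patterns named on this page are checked, so a plain "click here" link to an unknown site is not reported.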