How to spot a phishing scam
Cyber-criminals are targeting the University, and you, right now. They are trying to trick you into revealing passwords, clicking links, buying things, giving away personal information, altering the behaviour of the device you use, and a lot more. If you are thinking “it can’t happen to me”, or “why would they bother with me?”, consider this. Cyber-criminals are using you as a stepping stone to the things that are valuable to them. Most of these scam emails are being intercepted by your personal SPAM filter, and in the case of your UC email, the University’s PreciseMail SPAM filter. But some could still get through to your inbox.
So, what is a phishing email?
A phishing email is an email that encourages you to take a specific action. That action leads to a compromise of your security or the University’s security. It could use you to become part of a criminal chain of events.
What can be particularly confusing about a phishing email is that it can even appear to come from someone you know and trust.
Tips to help you spot a phishing email
– Strange requests. Would the person you think the email is from really ask you to do that?
– The sender’s email address seems odd or contains an odd ending. For example, the email address is firstname.lastname@example.org,
or email@example.com instead of firstname.lastname@example.org
– The message contains a mismatched URL (link to click). Even if a URL/link in an email appears to be perfectly valid. However, if you hover your mouse over the top of the URL/link, you should see the actual hyperlinked address. If the hyperlinked address is different from the address that is displayed, the message is probably fraudulent or malicious, and you should not click it.
– The message contains poor spelling and grammar.
– You didn’t initiate the action.
– The message asks for personal information.
– You’re asked to spend money or send money.
– Something just doesn’t look right. Be suspicious.
What should you do?
– Think before you click! Does the email fit any of the “red flags” listed above?
– Never give out personal information – as a general rule, you should never share personal or financially sensitive information over the internet. Most phishing emails will direct you to pages where entries for financial or personal information are required.
– Make it a habit to check the address of the website and the email address of the sender. A secure website always starts with https. Does the sender’s email address seem odd?
– Be skeptical, not curious. If in doubt, don’t!
– Most of all, rely on common sense. You can’t win a contest you didn’t enter. Your bank won’t contact you using an email address you never registered. Microsoft did not “remotely detect a virus on your PC.” These are all warning signs, think before you click, and never give out your password or financial info unless you’re properly signed into your account.
Have you also read our Tech Tip: Cyber security: yes, lock your doors