Authentic-looking phishing emails can appear to be from anyone - including from the IT Support Centre, your Dean, a project partner or your boss.
The email might ask you to click on a link or URL, often with a sense of urgency for you to confirm account information or something similar. Don't click on it! Criminals use emails like this to deceive people into revealing confidential information, such as login and password credentials.
What is phishing?
Phishing is an impersonation of a corporation or other trusted institution with the intent to extract passwords or other sensitive information from the victim. It is a criminal activity utilizing social engineering techniques and is usually done through email or instant messaging.
Criminals work to make emails look as authentic as possible so that victims will either directly respond, or click on fraudulent links to fake websites that steal your information.
How is it done?
Criminals (hackers) send out spoof/fake emails to thousands of random email addresses with the intent of convincing valid UCalgary faculty or staff members to respond to their requests.
Some emails are obviously a scam, while others are more subtle. Many have poor grammar or spelling, but all have been very effective in acquiring user IDs and passwords. Criminals usually do this with the intent of aquiring security details, getting you to share that information verbally, or by clicking a link to another website that the criminal has created.
Your information is then recorded and can be used to gain access to your account. The result could be fraudulent emails being sent from your email account, access to your computer files and/or accessing your private information to commit identity theft.
What is IT doing about email phishing, scams and hoaxes?
IT uses spam-blocking technology which identifies and blocks 85-90% of all inbound email messages. This works out to include 99% of the spam directed at University of Calgary faculty and staff. Unfortunately, even with the best spam-blocking technology, some spam will get through to your inbox.
Phishing safety tips
- DO NOT take technical advice by phone or email from anyone claiming to be from Microsoft or Apple.
- Delete and DO NOT respond to suspicious emails. Trust your instincts - if you think it’s a scam, it probably is.
- DO NOT email personal or financial information.
- DO NOT click on links in an email claiming to bring you to a secure site.
- DO NOT provide passwords credit cards or any personal information in an e-mail. Trustworthy companies, or individuals, will not ask for personal information in an e-mail nor will they ask you to do something to your computer. For example: “follow these instructions to remove an infected file”
- If you receive an attachment from someone you do not know or an unexpected attachment from someone you do know - DO NOT open it. Check first to ensure that it is a legitimate attachment.
- DO report the phishing scam. If it is an email to your ucalgary.ca account, forward the message through your junk mail tool.
- DO regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate.
- DO contact the organization by using a telephone number from a credible source such as a phone book or a bill (but NEVER from the suspicious email or text).
Will IT ever ask for my password?
NO. The University will never directly ask you for any personal information or passwords. Anyone who asks for any personal information, by phone or email, claiming to be IT, is phishing for your information!
If you're still suspicious, please contact IT at email@example.com or 403.210.9300 for advice.