Do You Know the Statistics?

1 in 10 Canadians say they've unknowingly replied to phishing messages.

22% of data breaches involve social engineering.



Usually taking the form of an email, text message, social media message or phone call, phishing is a common impersonation tactic that cybercriminals use to steal your personal and financial information. Unlike social engineering that targets a specific individual or corporation, phishing is usually done en masse, sending thousands of messages hoping that at least one of their recipients will take the bait. 

Cybercriminals will impersonate corporations or other trusted institutions, such as banks or government bodies. 


What can a "Phisher" look like?

Government Organizations


Phone/Internet Providers

Streaming Services

Online Stores

People you Know (friends, colleagues, employers, etc.)


Social Engineering

Social Engineering is conducted by cyber threat "actors" who research and target specific individuals.

These actors will devise a plan to deceive or trick these specific individuals into providing personal and financial information, instead of sending generic messages to thousands of people or attacking devices directly.

What can a Social Engineer look like?




Familiar Company


Another Trusted Source

Cyber Scams are More Common than you Think

1 in 99 emails are phishing emails.

98% of cyberattacks rely on social engineering.

Phishing: How is it Done?

Initial Email

Criminals (hackers) send out spoof/fake emails to thousands of random email addresses using urgent or threatening language to trick you into responding to their requests for sensitive information. 

Embedded Links

These emails often have embedded links that will direct you to fake login pages that ask you to update your account information and/or demand your financial information. 

Recorded Information

Recorded information is then used to gain access to your account. If you use the same password in multiple locations, then multiple accounts can be compromised. The result can be fraudulent emails being sent from your account, cybercriminals gaining access to your computer files and/or your private information, and your identity being stolen. 

Communications Security Establishment

Social Engineering: How is it Done?


A cybercriminal does research on search engines and social media to learn more about you or your company. 

Initial Message

They send you a message that appears to be from a friend, a colleague, a relative,  your boss or a familiar company. 

Data Breach

They then trick you into sending sensitive information like your financial data, passwords and/or credit card numbers.

Spot the Red Flags

Watch for the following signs of scams and fraudulent messages.

They are usually followed by a request for personal information, for you to click a link or attachment, or for you to make a money transfer.

Remember: UCalgary, governing bodies and law enforcement agencies will never use messaging or emails to request sensitive information.

Urgent or Threatening Language

  • Pressure to respond quickly.
  • Threats to close your accounts or take legal action against you.
  • Telling you there's a warrant out for your arrest. 

Suspicious Attachments

  • You're the winner of a contest you didn't enter.
  • You have to click on a link to receive your prize or learn more information. 
  • You've received an inheritance from a long-lost relative. 

Unprofessional Design

  • Incorrect or blurry logos.
  • Image-only emails with no highlightable text. 
  • Company emails with little, poor or no formatting. 

Unexpected Emails

  • Receipts for items you didn't purchase. 
  • Updates on deliveries for items you didn't order. 
  • Attachments you didn't ask for.


IT Service and Support

  • IT uses spam-blocking technology which identifies and blocks 85-90% of all inbound email messages.
  • This works out to include 99% of the spam directed at University of Calgary faculty and staff.
  • Unfortunately, even with the best spam-blocking technology, some spam will get through to your inbox.

    This is why it's important to educate yourself on cybersecurity best practices for staying cybersafe

Visit UCalgary IT

Will IT ever ask for my password?

NO. UCalgary will never directly ask you for any personal information or passwords. Anyone who asks for any personal information, by phone or email, claiming to be IT, is phishing for your information!

If you're still suspicious, please use the "report" function in Outlook and choose "phishing". You can also reach out to UService for advice through livechat on ServiceNow, at 403.210.9300 or at

Safety Tips

  • DON'T take technical advice by phone, email or messaging from anyone claiming to be from Microsoft or Apple.
  • DON'T click on links in an email claiming to bring you to a secure site.
  • DON'T provide passwords, credit cards or any personal information in an email. Trustworthy companies, or individuals, will not ask for personal information via email nor will they ask you to do something to your computer. 
  • DO report phishing scams. Use the Outlook "report" function and select "phishing". Learn more here
  • DO regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate.
  • DO contact the organization by using a telephone number from a credible source like an independent search or from a bill (never from the suspicious email or text).