An authentic-looking phishing email could look like it's from the IT Support Centre, your Dean, a project partner or your boss.
The email might ask you to click on a link or URL, saying the sender just wants to confirm account information or something similar. Don't click on it! Criminals use emails like that to deceive people into revealing their confidential security information, such as login and password credentials.
What is phishing?
Phishing is the impersonation of a corporation or other trusted institution. The goal of the impersonation is to extract passwords or other sensitive information from the victim. It is a criminal activity that uses social engineering techniques and is usually carried out by e-mail or instant messaging.
Criminals work to make the email as authentic-looking as possible so that the victim will either directly respond, or will open a URL link to a fake web site run by the criminals.
How is it done?
Criminals (hackers) send out spoof (fake) emails. These emails are randomly sent to thousands of email addresses, simultaneously. Criminals want valid UCalgary faculty or staff members to respond to their requests.
Some emails are obviously a scam, while others are more subtle. Many have poor grammar or spelling, but all have been very effective in acquiring user IDs and passwords. Criminals usually do this on the pretext of wanting to verify security details, getting you to share that information verbally or by clicking through to another website that the criminal has created.
Your information is recorded and could be used to gain access to your account. The result could be fraudulent emails being sent from your email account, access to your computer files and/or access to your private information to commit identity theft.
What is IT doing about email phishing, scams and hoaxes?
IT uses spam blocking technology which identifies and blocks 85-90% of all inbound email messages. This is more than 99% of the spam directed at University of Calgary faculty and staff. Unfortunately, even with the best spam blocking technology, some spam will get through to your inbox.
Phishing safety tips
- DO NOT take technical advice by phone or email from anyone claiming to be from Microsoft or Apple.
- Delete and DO NOT respond to suspicious emails. Trust your instincts - if you think it’s a scam, it probably is.
- DO NOT email personal or financial information.
- DO NOT click on links in an email claiming to bring you to a secure site.
- DO NOT provide passwords, credit card numbers or any personal information in an e-mail. Trustworthy companies and individuals will not ask for personal information in an e-mail, nor will they ask you to do something to your computer. For example: “follow these instructions to remove an infected file.”
- If you receive an attachment from someone you do not know or an unexpected attachment from someone you do know - DO NOT open it. Check first to ensure that it is a legitimate attachment.
- DO report the phishing scam. If it is an email to your ucalgary.ca account, forward the message through your junk mail tool.
- DO regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate.
- DO contact the organization by using a telephone number from a credible source such as a phone book or a bill (but NEVER from the suspicious email or text).
Will IT ever ask for my password?
NO. Our organization will never directly ask you for any personal information or passwords. Anyone who asks for any personal information, by phone or email, claiming to be IT, is phishing for your information!
If you're still suspicious, please contact IT at email@example.com or 403.210.9300 for advice.