InfoSec Blog - Simulated Phishing Emails Coming Soon: Don't Get Hooked!
December 1, 2020
Earlier this semester we provided the campus community with cyber security awareness messaging focused on the threat of phishing. Phishing remains one of the most common techniques used by cyber criminals to try to trick you into providing sensitive information.
To continue our awareness efforts, Information Security will soon begin sending simulated phishing messages within the campus community. This will be an ongoing and continuous process throughout the year.
Our only goal is to raise awareness on this important topic by improving our ability to recognize phishing emails. The specific content of our messages will change frequently to simulate themes and wording commonly used by cyber criminals in the real world, including IT Help Desk impersonation and password notifications. These simulated phishing email messages will attempt to lure you into clicking a non-University link and provide your University credentials.
If you recognize the message as a phishing message, please send it to the CCS Help Centre (IThelp@uoguelph.ca), as you would for any other suspicious email message. However, if you click the link and provide your credentials you will be redirected to an Information Security website containing phishing awareness information, including tips to detect phishing messages in the future and links to additional cyber security awareness training. Information Security will not store any credentials submitted, individuals will not be identified, and we will only collect and share consolidated metrics for reporting purposes.
How to Recognize a Phishing Attempt
- Sender email addresses that do not match the organization from which the message claims to be sent (e.g., your bank would never send an email from a Gmail account)
- Embedded links (links in text or in images) that display an unexpected or suspicious URL when hovered over
- Offers that seem too good to be true
- Urgent requests for personal information with severe or unrealistic consequences for inaction
- Spelling and grammar errors
- Unexpected attachments
- Emails containing short URLs – these links can be dangerous because you don't know where they will take you. However, you can trust short links that start with uoguel.ph because they are unique to U of G and are safe!
What To Do If You Suspect a Phishing Attempt
- Do not respond or open any links in the email until you have confirmed it is safe
- Do not provide your password to anyone and remember that U of G will never ask you for it
- When entering your U of G password online, always double check that the URL at the top of the page reflects the legitimate U of G Single Sign-On page (look for the green lock symbol and "University of Guelph" in green text at the beginning of the URL)
Your best defense is to be aware and be prepared!
Written by: Stephen Willem (Chief Information Security Officer)