DON’T TAKE THE BAIT!
Phishing is one of the most common methods for cyber criminals to access your personal information. They lure you into clicking on links to malicious content, try to convince you to share your password, or try to infect your system with malware. The people who do this pose as representatives of trusted, well-known organizations, and ask for information that will allow them to impersonate their victims.
Phishing can have a serious impact, including:
- Loss of personal information (email conversations, photos, private information)
- Financial loss and credit score tampering
- Identity theft or impersonation
- Further spread of malware or phishing email
- Unauthorized access to University systems
- Access or breach of University data
- Loss of productivity due to your account being locked
Plenty of phishing attempts have spelling, grammar, or other glaring errors that can tip you off that the message is a fraud – but just as many don’t. Some of the most sophisticated phishing attempts will appear to come from people you trust.
Be wary of emails that ask you to open a file, click on a link, or enter information into a form. Be especially careful of emails that ask you to enter your University login credentials.
Phishing messages will usually try to provoke an emotional response by posing as an urgent request with severe or unrealistic consequences for not responding immediately.
If an offer in an email sounds too good to be true, it probably is!
Confirm Before You Click
If an email seems suspicious, call the sender or contact them outside of email. If you click on a phishing email “just to check” if it’s really from a friend, coworker or classmate, it may already be too late. Even clicking on that link can infect your system with malware.
Always hover over links in emails to ensure the link goes to a legitimate website.
And know how to spot a fake login page. You should always verify the validity of a site that asks for your login credentials before entering them. Check out our blog post on how to verify the University of Guelph single sign-on page.
When in doubt, report it. Email firstname.lastname@example.org if you have concerns about a possible phishing email.
Phishing attempts will try to use publicly available information about your organization to create a more authentic message. Read the email carefully and think about the style and tone.
Remember: The University of Guelph will NEVER ask you for your password or other sensitive information via email.
How We Respond to Your Phishing Reports
Phishing emails are a reality in our current email landscape. The University of Guelph has made significant investments in technology to filter out these types of messages. On an average day, the University receives 3.8 million email messages. Of that number, 97% are identified as malicious and automatically blocked.
However, attackers work tirelessly to circumvent our security controls, and no matter how much we invest, some phishing messages will get through. On a typical day, CCS receives many reports from clients like yourself. We rely on these reports to help bolster our defenses, and because we get so many of them, we have a standard way to address them. Not all actions will be necessary for all reports, but here are some of our standard responses:
- Acknowledge the report and thank you for reporting it
- Provide security awareness information as needed
- Block future messages of this type for all users
- Purge the message from all campus mailboxes to protect campus users
- Update the “Recent Scams and Phishing” page to inform others
- Assess any additional risk posed by this message and investigate further
Due to the volume of phishing reports, we may not be able to provide a personalized response to all users when they submit a potential phishing message. However, we value every phishing report and appreciate your help in defending the University of Guelph from cyber attacks.