Returning to campus: Information, updates and vaccination requirements. Learn more.

Phish Alert - Online Banking Account, Package Delivery, Email Quota Increase, Fax Notification, Parking Ticket

Threat Level: Medium
Threat Type: Phishing
Advisory Date: 07/04/2019

Description

Recently, the University has seen an increase in phishing attempts. 

Be aware that all messages that reach your inbox may not be legitmate.  Cybercriminals also use social engineering to convince you to install malicious software or hand over your personal information under false pretenses. 

Such attempts recently witnessed include notifications for the following:

  • Online Banking Account needs to be reset or has been accessed (RBC, BMO, etc.).
  • Package delivery (UPS, FedEx, etc.).
  • Helpdesk / IT Support messages such as 'Increase Email Quota'
  • Fax Notifications such as "You have an unread electronic fax"
  • Electronic Parking/Speeding Ticket Notification/Court Date, appearance, or subpoena

Be very cautious about such emails which are attempting to get you to preform an action, such as click on a link, open an attachment, or enter a password.  When in doubt, delete the message.

Resolution

Being aware of what a fraudulent email appears like is critical in not falling victim.  Here is an example of what a phishing scam in an email message might look like:

What is phishing

  • Spelling and bad grammar. Cybercriminals are not known for their grammar and spelling. Professional companies or organizations usually have a staff of copy editors that will not allow a mass email like this to go out to its users. If you notice mistakes in an email, it might be a scam. For more information, see Email and web scams: How to help protect yourself.

  • Beware of links in email. If you see a link in a suspicious email message, don't click on it. Rest your mouse (but don't click) on the link to see if the address matches the link that was typed in the message. In the example below the link reveals the real web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company's web address.

    Phishing scams masked web address

    Links might also lead you to .exe, .js or .vbs files. These kinds of file are known to spread malicious software.

  • Threats. Have you ever received a threat that your account would be closed if you didn't respond to an email message? The email message shown above is an example of the same trick. Cybercriminals often use threats that your security has been compromised.

  • Spoofing popular websites or companies. Scam artists use graphics in email that appear to be connected to legitimate websites but actually take you to phony scam sites or legitimate-looking pop-up windows.  Cybercriminals also use web addresses that resemble the names of well-known companies but are slightly altered.

Resources

More phishing related information such as "How can I tell if the message is real?"  and "What should I do if I suspect email phisihing?" can be found at the Phishing Infomormation resources page.