Let’s crush phishing!
You have the power: Follow three simple guidelines when checking your email
There has been a marked increase in phishing scams during the coronavirus outbreak. With many staff and faculty now working at home, it is important to be on the alert and to remain vigilant for potential scams.
Practise safe computing in three easy steps:
- Don’t click on a link or open an email attachment—unless you know the sender and were expecting the message.
- Review and recognize the telltale signs of a malicious email message.
- Send any suspicious message to spam [at] umanitoba [dot] ca or infosec [at] umanitoba [dot] ca.
Recognize that all the power is in your hands, as Wombat IT Security notes. A scammer can’t do anything without you somehow engaging, clicking or responding.
How can I recognize a malicious email?
All phishing messages try to manipulate people into doing what the scammers want, such as giving them your personal information. Here are a few telltale signs:
- The message was sent from outside the UM. Check for the notice at the top of your email and always think twice when you see it!
- The message asks you to do something, and includes a scare tactic or an urgent emotional appeal like “Update your password now!” “Get your free Netflix subscription!” or “Donate to victims of COVID-19”
- It uses poor grammar and spelling
- It uses an unfamiliar or overly generic email signature
- The message contains attachments or links to login pages
Many phishing attacks are simple, but some attacks are sophisticated. They are well written, look like they come from a trusted contact and they lead to a site that closely resembles the real website.
Remember, DO NOT click the email link or attachment. Instead, if you receive an email asking for your account credentials or personal information such as your social security number, birth date, or credit card number, go directly to the real website to verify that the communication came from that organization, or immediately forward the message to spam [at] umanitoba [dot] ca.
What will happen if I click on a link or attachment?
Clicking on a link in a phishing email may take you to a fake page that looks like a webpage of UM, financial institution, PayPal or other valuable account. The page could install malware on your computer simply because you clicked on the link.
It could also ask you to enter your password or other important information.
If you enter your password, the scammer would have your login information without you knowing. If malware is installed on your computer, your important data and the university’s network could be held hostage.
Opening an attachment also puts your own computer at risk of malware.
Remember: Information Security Starts with You! You have the power.
Parts of this article were adapted from [“Making Phishing Attacks History!”] published in March 2020 on the website of EDUCAUSE, the organization for IT in higher education.