Phishing alert: When in doubt, toss it out!
The following is a message from the IST Service Desk.
IST Security Alert
You may recently have received an email with the subject of “University of Manitoba: E-mail Account Update” or “UM ALERT: UPDATE YOUR E-MAIL ACCOUNT.”
These are not legitimate emails. When in doubt, toss it out.
If you have received either of these emails:
- Delete the message.
- Do not click the link or visit the webpage it directs you to because it is a phishing scam used to collect log-in credentials.
- If you have visited the link and have logged in, you should reset your password.
- If you require assistance, contact the service desk for assistance with resetting your password (information below).
- Remember to be very cautious with all account emails.
How to spot phishing attempts
What is phishing?
Phishing is the practice of luring unsuspecting Internet users to fake websites by using authentic-looking emails with attachments or links to websites in an attempt to steal passwords, financial or personal information, or to introduce virus attacks.
You have probably seen some kinds of phishing email already, even if you didn’t realize it was a phishing email. For example, you may have received an email asking you to verify your account information for your Bank of America or PayPal account, when in fact you don’t have an account with either of them.
The best way to protect yourself against phishing emails is to know how to spot them. Below are some of key things to watch for. This information will help you protect against phishing scams.
1. Emails that try to play on your emotions should be treated as suspicious. Phishing emails often try to play on your emotions by:
- Promising a financial reward of some kind if you click a link and enter your log-in information. If an email offers you something that is too good to be true, it probably is!
- Urging you to perform an action before a strict deadline. Phishing emails will try to fluster you by creating a sense of urgency.
- Promising to show you something secretive or exciting. Phishers try to take advantage of your curiosity.
- Threatening you with negative consequences if you don’t perform an action.
2. Inspect your emails and watch for suspicious indicators such as:
- A signature block that is very generic and/or doesn’t follow company standards.
- A sender address that is different than the sender name.
- An email tone that is not what you would normally expect from your co-workers or friends.
3. These suspicious elements are commonly found in phishing emails:
- An email attachment from someone you don’t know OR an email attachments from someone you know, but weren’t expecting.
- Links to web pages that look like authentic login pages.
- Email links that don’t match the real URL.
Information security starts with you — don’t let a phishing scam reel you in!
Protect yourself and the University. Remember:
- Don’t open unexpected attachments;
- Don’t give up your personal information; and
- Don’t click links without checking.
If you receive emails that you are uncertain about, be safe. DO NOT click any links. Delete or forward the email as an attachment to Servicedesk [at] umanitoba [dot] ca
Note: This web button (left) on any U of M webpage indicates an IT security alert; you can click to follow the link for more information.
Read the previous UM Today article on phishing scams.
See the Information Security & Compliance website.
For help or more information contact:
IST Service Desk
Information Services & Technology
University of Manitoba
123 Fletcher Argue
230 Neil John MacLean Library
Servicedesk [at] umanitoba [dot] ca