Phishing: If you suspect deceit, hit delete
The following is a message from Patrick McCarthy, director of Information Security & Compliance at the University of Manitoba.
A very warm welcome back to the University of Manitoba for all students, faculty and staff. With another year ahead of us come the very annoying and potentially harmful phishing and spam emails trying to get us to share private information.
The University of Manitoba stops millions of phishing attempts, spam emails, and virus infected messages every month. In fact we blocked over 8.4 million of these types of emails in the month of August alone. However, attackers’ methods change very quickly in an attempt to stay ahead of our blocking techniques. Due to the large range of use for our email, we must also be careful not to implement a filter which may block otherwise legitimate email from our users. So for the phishing and spam emails that do get through our filters we do need your help!
Below are some helpful tips on recognizing these types of emails and what you need to do to ensure you are not putting your personal information or the University of Manitoba’s assets and data at risk.
What is Phishing?
Phishing is typically an email scam designed to trick you into thinking a legitimate organization is requesting private information such as usernames, passwords, social insurance numbers and credit card details that is then used for fraud or identity theft. These scams ask you to send a reply, download an attachment or follow a link. The page may look exactly like an official website, but it is designed to steal your credentials or drop malicious software on your computer.
What does a Phishing email look like?
Phishing emails typically consist of:
- threats of account closure
- mentions of “upgrades” that require changes to your account
- “verification” of your account
- any request for userid, password, or financial information
- requests to “click a link” for anything related to email or financial accounts
- generic wording in the salutation, body or closing signature
- technical deception to make a link in an email appear to look legitimate
- images instead of text in order to evade keyword filters
- forging real websites, logos or login pages
- targets of email accounts, online banking, credit cards, PayPal, Amazon, and parcel delivery.
It is very important to remember that the University of Manitoba will never ask for your password or confidential banking information in an email, and you should never send it via email for any reason.
How can I avoid phishing scams?
- All unsolicited emails related to your accounts should immediately be considered suspect.
- Avoid clicking links in emails; especially any that are requesting private information.
- Be wary of any unexpected email attachments or links, even from people you know.
- You can always check the destination of the link by placing your mouse over the link.
- Never click a link in an unsolicited email instead visit the organization’s website directly by typing a known address into your browser.
Who do I contact if I think an email might be Phishing?
If you receive emails that you are uncertain of, DO NOT click any links. You can either delete the email or forward the email as an attachment to Servicedesk [at] umanitoba [dot] ca for review or you can contact the service desk for assistance:
Information Services & Technology
University of Manitoba
123 Fletcher Argue
230 Neil John MacLean Library
Servicedesk [at] umanitoba [dot] ca