How to avoid Phishing – don’t get hooked

With the busy season of shopping and travel upon us, ITS wants to remind you that the University of Windsor will never send unsolicited requests for passwords or other personal information via email. Messages requesting such information are fraudulent and should be deleted. This is known as phishing: an attempt to collect private information such as user ID, password, credit card, social insurance number and/or bank account details. The communication will often appear to be from a bank, online payment service, e-ticket/airline or IT administrators, requesting information or a confirmation of information. Phishing is a costly problem, and it requires end users to modify their browsing habits so that they are not easily lured; the danger lies not in our technical abilities but in the vulnerabilities of our human behaviour. We are tricked to click too quick.

The different types of phishing, briefly explained below, all attempt a form of deception: to take you, via a link, to an illegitimate website operated by the cons.

“Phishing” emails are designed to deceive you and portray trust as they masquerade as a trustworthy entity. They arrived in 2001 and are now primarily linked to social networking sites, such as Facebook, Twitter and MySpace; it is in these locations that attackers can obtain personal details used to steal your identity. The emails look and feel valid, with logos, etc., and are initial requests to obtain information. Once you click the link, you are redirected to a bogus website that is tough to distinguish from the real one. Other examples include Ebola Virus emails and Netflix login.

“Spear” phishing is directed at specific individuals or companies; the attackers attempt to gain personal information about their target to increase the probability of success.

“Clone” phishing is when a legitimate and previously delivered email that had an attachment or link has had its content and recipient address taken and used to create an identical or cloned email.  It appears to be coming from the original sender, claiming to be a resend or updated version. 

“Whaling” refers to attacks specifically aimed at high-profile targets within a business; recent examples are the customers of PayPal.

The best way to avoid phishing is to not click the hyperlinks offered in any questionable email; we need to pay attention to details that don’t appear quite right. Always be cautious of emails that come from an unrecognized sender and are not personalized. Never email personal or financial information. Remember that passwords are not shared on the internet but are privately maintained by the user; use unique passwords for each website on the internet. Don’t let the crooks exploit you this busy season.

You are welcome to check with the Service Desk if you receive a questionable email; either call Ext 4440 or forward the email to
