The University of Windsor has moved to an “essential service only” model. Learn More.
Cybersecurity Awareness Month: How to Spot Phishing Attempts

Cybersecurity Awareness Month: How to Spot Phishing Attempts

The University is targeted with fraudulent e-mails on a daily basis. Readers need to be constantly alert to the possibility that an e-mail is not legitimate.

Phishing Scams work by tricking you into clicking on a link or attachment in the e-mail that infects your machine or directs you to an imitation web site that steals your password. Sometimes the sender may want you to reply so that they can convince you to do something for them. Spear Phishing is a fraudulent message customized for a particular person or department. A common spear phishing scam targeting campus is the Gift Card Scam where you’re asked to buy gift cards for your boss and reply back with the activation codes.

How Do I Spot a Phishing Scam?

1. Think: Consider the request in detail. Is this normal or expected behaviour from this person?

2. Pause: The message has an unusual sense of urgency, requiring your immediate attention.

3. Identify: Check very carefully the sender’s name and email address. Does it look right?

4. React: Be warned by spelling errors, bad grammar, odd formatting, or missing signatures.

5. Links: When you hover over the link, the web address is suspicious.

6. Logins: The message asks you to log in or provide personal information to a website.

7. Files: There is an attachment you were not expecting, like an invoice.

You can see examples of phishing messages on the Cybersecurity Awareness website.

How Can I Avoid Getting Hooked by a Phishing Scam?

1. Call the sender to verify. If there's any doubt at all, make a call.

2. If you’re on a mobile device, wait until you’re on a computer so you can check more carefully.

3. Do not reply or act on unusual or out of character emails. Question urgency.

4. Do not open e-mail attachments or click links in suspicious e-mails. Hover the mouse over the link to reveal the real destination address.

5. Check the URL of login pages carefully! Make sure it is a login page you’ve used before.

What Should I do if I Suspect a Message is Phishing?

Please report a phishing scam or spam email by forwarding the message as an attachment to spam@uwindsor.ca or contact the ServiceDesk at ext. 4440.

Led by IT Services, Cybersecurity Awareness Month initiatives bring highlight cybersecurity issues relevant to the UWindsor community. More information, along with how you can protect yourself, can be found at uwindsor.ca/cybersecurity. This website will be updated regularly with best practices and current threats.