More than a quarter (26%) of Canadians responded that they have been a victim of an email phishing scam, according to a survey prepared for the federal government.
Phishing scams can take several forms from emailing, texting, calling, or leaving a voicemail but all are trying to fool a victim to get their personal or corporate information. Hackers will use it to gain access to online accounts and more for fraudulent purposes.
“When you receive an unexpected call or email asking for personal or company information, you should think critically about the request,” says Kevin Macnaughton, team leader security in IT Services. “While the person may appear to be helpful or in need, often they’re trying to manipulate you and falling for it can cause significant monetary loss to you and the University.”
IT Services’ top five tips for spotting, and ultimately avoiding phishing are:
- Consider the request in detail.
- Is it an unusual or unexpected ask from the sender?
- Is there an odd sense of urgency?
- Does it ask you to open an attachment you were not expecting?
- Does the message ask you to log in or supply personal information to a website?
- Examine the sender’s name and email address carefully. Does is come from a public email like “gmail.com” or another free email service when it should be coming from a business or corporation.
- Review the message. Does it have spelling errors, bad grammar, odd formatting, or missing signature?
- Check any links in the message.
- When you hover over them, are the web addresses suspicious?
- Do any of the characters appear to be lookalikes instead of the correct letters?
- For call scams, beware of a request to access your computer. Do they want to connect with you via remote desktop or ask that you share your log-in information to an online account?
If you answer YES to any of the questions above, do not react to the message. Instead, if you think the message may be legitimate, contact the sender through a different communication channel to verify it. Otherwise, report the message or call to firstname.lastname@example.org or contact the IT Service Desk at 519-253-3000 ext. 4440.
Find examples of phishing messages on the Cybersecurity Awareness website.
To showcase the global cybersecurity efforts, we are sharing the Irish campaign, "Stop.Think.Connect.”
Led by IT Services, Cybersecurity Awareness Month efforts highlight cybersecurity issues relevant to the UWindsor community. More information can be found at uwindsor.ca/cybersecurity.