What is Phishing and how to spot e-mail scams?

The University is targeted with counterfeit e-mails on a daily basis. Readers need to be constantly alert to the possibility that an e-mail is not legitimate.

Examples of these faked e-mails include:

  • An e-mail telling us that our account will be suspended unless we click on the included link.
  • A request from a co-worker or boss asking you to do an unusual favour for them right away.
  • A message with an unexpected attached invoice.

These are called Phishing Scams. They work by tricking you into clicking on a link or attachment in the e-mail that infects your machine or takes you to a faked web site that steals your password. Sometimes they want you to reply so the scammer can convince you to do something for them.

Spear Phishing is a scam where the message is customized for a particular person or department. A common spear phishing scam targeting campus is the Gift Card Scam where you’re asked to buy gift cards for your boss and reply back with the activation codes.

How Do I Spot a Phishing Scam?

  • Consider the request in detail. Is this normal or expected behaviour from this person?
  • The message has an unusual sense of urgency, requiring your immediate attention.
  • Check very carefully the sender’s name and email address. Is it what you’re used to seeing?
  • Watch for spelling errors, bad grammar, odd formatting, or missing signatures.
  • The message asks you to log in or provide personal information to a website.
  • There is an attachment you were not expecting, like an invoice.

Some examples of phishing messages appear at the bottom of this article.

How Can I Avoid Getting Hooked by a Phishing Scam?

  • Call the sender to verify. If there's any doubt at all, make a call.
  • If you’re on a mobile device, wait until you’re on a computer so you can check more carefully.
  • Do not reply to or act on unusual or out-of-character emails. Question urgency.
  • Do not open email attachments or click links in suspicious e-mails. Hover the mouse over the link to reveal the real destination address.

What Should I do if I Suspect a Message is Phishing?

Please report a Phishing Scam or Spam Email by forwarding the message as an attachment to spam@uwindsor.ca or by contacting the ServiceDesk at 519-253-3000 ext. 4440.

Where can I find more information?

Watch this video on how to avoid taking the bait.

The United Kingdom’s Centre for the Protection of National Infrastructure has produced a quiz to test your skill at spotting phishing attempts.

Examples of Phishing Messages

This is a message with a faked From address (this is called spoofing), designed to make it look like it came from a trusted organization:

Example of spoofed From address
Source: https://www.liquidweb.com/blog/5-tips-to-identify-dangerous-spam-emails/
 

This is an example of a Gift Card Scam phishing message:

Gift Card scam email exchange
Source: https://www.apa.org/about/division/officers/dialogue/2018/01/email-scams.aspx
 

This is an example of a message containing a link that goes somewhere other than where the link text suggests it does. If you hover your mouse over the link, the real destination of the link appears:

Phishing email with different real link target than display text
Source: https://www.reinhartmarketing.com/news/how-to-detect-scam-emails/

If you have any further questions or would like more information, please contact the IT Service Desk at 519-253-3000 ext. 4440.

 

Details

Article ID: 68760
Created: Tue 12/11/18 2:45 PM
Modified: Fri 1/31/20 4:08 PM