Brock University’s Information Technology Services (ITS) team is warning students, staff and faculty of an email phishing campaign.
This past weekend, an Ontario college was targeted as part of a large spamming/phishing campaign, in which all students and employees received dozens of duplicated fraudulent messages that asked recipients to click links or reply to emails. Contact information from the affected accounts was stolen and used to spread the attack to other organizations.
Examples of the scams that affected the college were:
- One email posed as a college newsletter with news of an Office 365 migration. It asked for name and login credentials.
- Another message was addressed “Dear Student” and mentioned coronavirus news and job opportunities. The reply goes to a generic Gmail address.
No one should reply to these messages or click on any links. If a Brock student, staff or faculty member has replied to a suspicious message or clicked on a link, they are asked to change their password immediately and contact the Brock IT Help Desk. Once an account has been phished, the attackers use it to send the same fraudulent messages to that person's contacts, which is how the campaign spreads from one institution to the next.
Common indicators of phishing attempts
- Suspicious sender email address: The sender email address may imitate a legitimate business. Cybercriminals often use an email address that closely resembles one from a reputable company by altering or omitting a few characters, for example a digit in place of a letter, a hyphenated variant of the name, or a different top-level domain.
- Generic greetings and signatures: Both a generic greeting, such as “Dear Valued Customer” or “Sir/Ma’am,” and a lack of contact information in the signature block are strong indicators of a phishing email. A trusted organization will normally address recipients by name and provide their contact information.
- Spoofed hyperlinks and websites: Hover the cursor over a link in the email without clicking it. If the destination shown in the tooltip or status bar does not match the address displayed in the message text, the link may be spoofed. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different top-level domain (e.g., .com vs. .net). Additionally, cybercriminals may use a URL shortening service to hide the true destination of the link.
- Poor spelling and layout: Poor grammar and sentence structure, misspellings and inconsistent formatting are other indicators of a possible phishing attempt. Reputable institutions have dedicated personnel that produce, verify and proofread customer correspondence.
- Suspicious attachments: An unsolicited email requesting a user to download and open an attachment is a common delivery mechanism for malware. A cybercriminal may use a false sense of urgency or importance to help persuade a user to download or open an attachment without examining it first.
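The indicators above (a lookalike sender domain, link text that does not match the link's real destination, shortened links, and the generic Gmail reply-to address seen in the "Dear Student" message) can be checked mechanically. The script below is an added example written for this page, not a tool used by Brock ITS; the trusted-domain list, the email message and the thresholds are constructed assumptions for illustration, and the checks are heuristics that will not catch every variant.

```python
"""Flag common phishing indicators in an email: lookalike sender domain,
free-webmail reply-to, link text that disagrees with the real href,
URL shorteners, and lookalike domains in links. Added example; heuristics only."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption for the example: domains the organisation considers its own or trusts.
TRUSTED_DOMAINS = {"brocku.ca", "microsoft.com", "office.com"}
# Well-known URL shorteners that hide the real destination.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly"}
# Free webmail domains: a reply-to here on "official" mail is a red flag.
FREE_MAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}


class LinkExtractor(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def host_of(value):
    """Lowercase hostname of a URL or bare domain ('' if none)."""
    value = value.strip()
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def registrable(host):
    """Crude registrable name: the last two labels (brocku.ca, bit.ly)."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(host):
    """Return the trusted domain that `host` imitates, or None if trusted/unrelated."""
    reg = registrable(host)
    if reg in TRUSTED_DOMAINS or any(host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return None
    for trusted in TRUSTED_DOMAINS:
        t_name, r_name = trusted.split(".")[0], reg.split(".")[0]
        # Same name under another TLD (brocku.net) or a 1-2 character edit (micros0ft).
        if r_name == t_name or edit_distance(r_name, t_name) <= 2:
            return trusted
    return None


def analyse(sender, reply_to, html_body):
    """Return a list of (indicator, detail) tuples found in the message."""
    findings = []
    sender_host = sender.split("@")[-1].strip(">").lower()
    if (imitated := lookalike_of(sender_host)):
        findings.append(("suspicious sender", f"{sender_host} resembles {imitated}"))
    reply_host = reply_to.split("@")[-1].strip(">").lower()
    if reply_host in FREE_MAIL and reply_host != sender_host:
        findings.append(("generic reply-to", f"replies go to {reply_host}"))
    parser = LinkExtractor()
    parser.feed(html_body)
    for text, href in parser.links:
        href_host = host_of(href)
        # Only treat the link text as an address if it looks like one (no spaces, has a dot).
        text_host = host_of(text) if "." in text and " " not in text else ""
        if text_host and registrable(text_host) != registrable(href_host):
            findings.append(("spoofed link", f"text shows {text_host}, link goes to {href_host}"))
        if (imitated := lookalike_of(href_host)):
            findings.append(("lookalike domain", f"{href_host} resembles {imitated}"))
        if registrable(href_host) in SHORTENERS:
            findings.append(("shortened link", f"{href} hides its destination"))
    return findings


# Constructed sample message modelled on the two scams described above (not a real email).
SAMPLE_SENDER = "ITS Newsletter <its-news@brocku.net>"
SAMPLE_REPLY_TO = "careers.office2020@gmail.com"
SAMPLE_HTML = """
<p>Dear Student,</p>
<p>Your mailbox is being migrated to Office 365. Confirm your login at
<a href="http://login.micros0ft.com/o365">https://login.brocku.ca/office365</a>
or use this <a href="https://bit.ly/3xAmPl3">short link</a>.</p>
<p>Read the official notice at <a href="https://brocku.ca/its/">brocku.ca/its</a>.</p>
"""

if __name__ == "__main__":
    for indicator, detail in analyse(SAMPLE_SENDER, SAMPLE_REPLY_TO, SAMPLE_HTML):
        print(f"{indicator}: {detail}")
```

On the sample message the script reports five indicators (sender on brocku.net, a Gmail reply-to, link text for brocku.ca pointing at micros0ft.com, that domain as a lookalike of microsoft.com, and the bit.ly link) while the genuine brocku.ca link passes. The registrable-name and edit-distance rules are deliberately simple; a production filter would use a public-suffix list, resolve shortened links, and keep the trusted list in sync with the mail system's own domains.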
Other tips to prevent phishing attempts
- Be suspicious of unsolicited phone calls, visits or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
- Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
- Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes clicking links in the email.
- Do not send sensitive information over the internet before confirming that the website address is the one you expect and that the connection is encrypted (https). Note that an encrypted connection only protects the data in transit; it does not prove the site is legitimate.
- If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided in the message or on a website linked from it; instead, use contact details from previous statements or the organization's known website.