A legitimate looking email asking the recipient to click on a link can sometimes be hiding malicious intent. Though it can be tempting to trust all emails without scrutiny, cybercriminals prey on that trusting nature.

“Any email, whether it seems to be from the University President, a supervisor, Information Technology Services, Human Resources or other units within the University, can be a potential phishing attack,” said Brock Information Technology Services (ITS) Security and Infrastructure Specialist Daniel Garcia. “Cybercriminals have become much more advanced in crafting phishing emails that appear to be legitimate.”

Here are some ways to protect against phishing attacks:

• Be cautious any time a message asks the recipient to reveal personal information — no matter how legitimate that message may appear at first glance.
• Always double-check messages that suggest the recipient needs to act urgently.
• Verify the hyperlink behind a link’s text or button by hovering over the text.
• Look for inconsistencies like pixelated logos, misspellings or incorrect grammar.
• Verify requests for information through other means, such as calling/messaging the source or forwarding to itsecurity@brocku.ca
• Remember, most legitimate organizations will never ask someone to reveal personal information through an email.

In an effort to increase awareness about phishing, Brock ITS has developed a new Cyber Security Awareness portal where members of the Brock community can view real-time examples of the latest phishing emails they have received and also register for upcoming workshops to learn more about phishing.

Questions about phishing or if an email recipient suspects they have received a phishing attack can be directed to Sean Meloney, IT Security Analyst, at smeloney@brocku.ca or itsecurity@brocku.ca