Phishing attacks come in many forms across the cybersecurity landscape.  

Many of these attacks, whether internal or external, can appear to be legitimate from trustworthy sources. Diligence is required to protect oneself and the University. 

As part of Cybersecurity Awareness Month, Brock Information Technology Services (ITS) is educating the University community with information and tips that can help protect technology users’ identities and data. 

As technologies evolve, so do cyberattacks. Cybercriminals prey on the trusting nature of individuals and have become advanced in crafting phishing emails that appear to be legitimate.  

An email seeming to be from the University President, a supervisor, Human Resources, ITS or another unit within the University could be a phishing attack.  

If an email looks too good to be true or something about it seems off, ITS recommends students and employees ‘think before they click’ and report the email to itsecurity@brocku.ca 

Types of phishing attacks

Email phishing
Email phishing is the most common form of phishing. This type of attack uses tactics such as phoney hyperlinks to lure email recipients into sharing their personal information. Attackers often masquerade as a large account provider like Microsoft or Google, or even a coworker. 

Malware phishing
Another prevalent phishing approach, malware phishing involves planting malware disguised as a trustworthy attachment, such as a resumé or bank statement, in an email. In some cases, opening a malware attachment can paralyze entire IT systems. 

Spear phishing
While most phishing attacks cast a wide net, spear phishing targets specific individuals by exploiting information gathered through research into their jobs and social lives. These attacks are highly customized, making them particularly effective at bypassing basic cybersecurity. 

Whaling
Whaling takes place when a ‘big fish’ is targeted, such as a senior executive or celebrity. Scammers often conduct considerable research into their targets to find an opportune moment to steal login credentials or other sensitive information.  

Smishing
A combination of the words ‘SMS’ and ‘phishing,’ smishing involves sending text messages disguised as trustworthy communications from well-known businesses such as Amazon or FedEx. People are particularly vulnerable to SMS scams, as text messages are delivered in plain text and come across as more personal. 

Vishing
In vishing campaigns, attackers in fraudulent call centres attempt to trick people into providing sensitive information over the phone. In many cases, these scams use social engineering to dupe victims into installing malware onto their devices in the form of an app. 

Brock employees and students who suspect they are the recipient of an email phishing attack should contact itsecurity@brocku.ca

Questions about phishing can also be directed to this email.