Don’t get caught in a phishing scam

Monday, November 28, 2022 | by

Several fishing hooks hang from above, each having caught a mail envelope. A tablet, mobile phone and laptop are on a table below the hooks.Brock University's Information Technology Services team shares some tips for recognizing a phishing email.

Thousands of phishing emails are received daily by the Brock University community.  

One of the best ways to protect oneself against cyberattacks is to learn to recognize fraudulent emails and texts.  

Signs of a phishing scam 

Urgent or threatening language: Phishing emails sometimes contain unnecessary urgency to pressure a quick response. Look out for threats of closing an account or urgent requests to change a password within a specified time.

Requests for sensitive information: Emails requesting sensitive information over email or text shouldn’t be trusted. Look out for links directing to fake login pages, requests to update account information and demands for financial information, even from one’s bank.

Anything too good to be true: Look out for lucrative job offers that have no interviews, winnings from contests never entered and prizes requiring payment to receive it.

Unexpected emails and texts: Look out for receipts for items that were never purchased and updates on deliveries for products not ordered.

Information mismatches: Closely looking at a phishing email can reveal information mismatches. Pay attention to the sender’s display name and email address, links that don’t go to official websites and spelling or grammatical errors.

Suspicious attachments: Be cautious of attachments that were not requested, strange file names or uncommon file types.

Unprofessional design: Pay attention to incorrect or blurry logos and company emails with little, poor or no formatting.

Fake pictures, logos, trademarks or copyright: Phishing emails sometimes contain fake digital assets, such as the Brock University logo or the Microsoft logo. An email with the Brock University logo does not necessarily make it legitimate.

If an email recipient suspects they have received a phishing attack, they are can email itsecurity@brocku.ca. Questions about phishing can be directed to the same email address.  

Phishing email sample 

Sample phishing email, with email sender, subject and body text

Notice some of the signs of a phishing email highlighted: 

  • Information mismatches: Legitimate display name ‘Brock IT Desk’ but fake email address ‘bruckitdesk@gmail.com’. The email also contains a grammatical error ‘All User’ and a spelling error ‘accees’. 
  • Urgent or threatening language: The email subject contains the word ‘Urgent’ and the body has specified a timeframe of ‘within 24hrs’.  
  • Requests for sensitive information: In the email, ‘click here’ directs to a fake Brock login page ‘https://adfs.blocku.ca’.  
  • Fake logo: The email contains a stolen Brock University logo to make it seem legitimate.

Read more stories in: Briefs, Faculty & staff
Tagged with: , , , , , , ,