Phishing

Phishing refers to the process where a targeted individual is contacted by email by someone posing as a legitimate institution to lure the individual into providing sensitive information such as banking information, credit card details, and passwords. The personal information is then used to access the individual’s account and can result in identity theft and financial loss. Be very cautious. Phishers can only find you if you respond. Please note that you are the most effective way to detect and stop phishing.

From: ldperez42@student.tntech.edu
Date: Feb 10, 2016 2:10 pm

From addresses are easily forged and can look like the message came from someone you know. Also check the “TO” and “CC” fields. Is the email being sent to people you do not know or do not work with?


This is to inform you that IT Administrator has currently upgraded all mailboxes (size to 50.0GB). Please upgrade your account by clicking on Faculty & Staff Email Upgrade

Be careful with links, and only click on those that you are expecting. Hovering your mouse over the link will show you the true destination of the link without actually having to click on it. Check for grammar and spelling mistakes, and be wary of offers that seem too good to be true, as these can all be indicators of a phishing attempt.


There has been an automatic security update on your email address CLICK HERE here to complete update Please note that you have within 24 hours to complete this update because you might lose access to your Email Box.

Be suspicious of any email that requires “immediate action, within 24 hours”. This is a common technique to rush people into making a mistake. Don’t respond to emails requesting confidential information or emails asking you to log in with your Brock credentials. Remember, if something looks too good to be true, it probably is. Legitimate organizations will not ask you for your personal information.
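The three checks described above (who the sender is, where a link really goes, and urgency wording) can also be applied mechanically when triaging a reported message. The following Python is an added example, not part of the original page or of any Brock or Microsoft tooling; the organisation domain `example.edu`, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENCY = re.compile(r"within\s+\d+\s+hours|immediate action", re.I)

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for each <a>: what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def in_org(host, org_domain):
    return host == org_domain or host.endswith("." + org_domain)

def phishing_indicators(raw, org_domain):
    """Return (indicator, detail) pairs; an empty list does not prove safety."""
    msg = message_from_string(raw, policy=policy.default)
    body = "".join(p.get_content() for p in msg.walk()
                   if p.get_content_maintype() == "text")
    # From is forgeable: an in-org sender proves nothing, an outside one is a flag.
    sender = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    findings = [] if in_org(sender, org_domain) else [("sender-outside-org", sender)]
    collector = LinkCollector()
    collector.feed(body)
    for text, href in collector.links:
        host = (urlparse(href).hostname or "").lower()
        if host and not in_org(host, org_domain):
            findings.append(("link-outside-org", f"{text} -> {host}"))
    if hit := URGENCY.search(body):
        findings.append(("urgency", hit.group(0)))
    return findings

# Constructed sample modelled on the excerpts above; example.* names are placeholders.
SAMPLE = ("From: IT Administrator <it-admin@mail.example.net>\nContent-Type: text/html\n\n"
          '<p>Click <a href="http://upgrade.example.net/login">Faculty &amp; Staff Email '
          "Upgrade</a>. You have within 24 hours to complete this update.</p>\n")
```

Calling `phishing_indicators(SAMPLE, "example.edu")` returns all three indicators for the constructed message; a message with no findings still needs the human checks described above.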


This message was identified as a phishing scam.

If you see the above line in the body of an email, please be aware this is a phishing email and was identified as such by Microsoft Exchange Online Protection.

You may not realize it, but YOU ARE A PHISHING TARGET at work and at home. Organized crime groups want you to click on a link that takes you to a website where your personal information is requested.

Many of you will remember back in 2014 there was a flood of “private” images of various celebrities that were leaked online. At the time a lot of the focus was placed on the security of Apple’s iCloud service; however, it has recently come out that the celebrities themselves were victims of phishing. The person who perpetrated this crime sent these famous people simply worded emails claiming to be from Apple or Google. These unsuspecting people responded and, in a flash, their accounts were compromised and their private information was gone, never to be taken back.

As we live more and more of our lives online, and use our phones, computers and online services for more of our personal information, these accounts become very valuable to organized crime. You may not be famous, but you are still a target. Your bank accounts and credit/debit cards are prime targets for criminals, as the days of the big bank heist are over. Organized crime now employs large networks of computers and minions to try to steal a few hundred dollars at a time from large numbers of people. Estimates put the cost of phishing and identity theft at over $5 billion annually. Having control of your email account can give criminals access to more than just your email messages: almost all online services, like Facebook, Twitter and Amazon, use your email to verify your identity and perform password resets.

Phishers send more convincing emails all the time. Can you spot them? ITS posts samples of phishing emails received at Brock here.

Take the SonicWall Phishing IQ Test to see how you score.

  • Never send your username/login and password in an email message.
  • Beware when replying to unsolicited messages. Replying to these messages or going through the process of unsubscribing from lists merely confirms that they have discovered an active e-mail address. Ignore and delete these messages. Only unsubscribe from lists you have knowingly subscribed to or trust.
  • Beware of links in email messages. Although some may take you to reputable content, others can lead to infected websites or phishing scams asking for your username/login and password.
  • Beware of any email messages or attachments you are not expecting, even from friends, family, and colleagues. Some viruses can take over email programs and impersonate people you know.
  • Don’t run any executables (programs) received as email attachments. This is not the best way to transmit programs anyway. If you are transferring programs you should “zip” the files before sending.
  • Turn off the preview pane in your email program. Some viruses can be accidentally initiated by just previewing the message in some older e-mail programs.
  • Turn off scripting and auto-launch features. Any features that run programs, macros, or scripts within email messages are capable of launching viruses.
  • If you receive a message from anybody and are told to delete a file on your computer, DO NOT DELETE IT. Chances are it is a hoax. Check with your antivirus support person or visit a reputable antivirus website and see what they recommend.
  • Use discretion when forwarding emails. Not everyone appreciates receiving chain emails. Make sure the people you are sending them to don’t mind this type of email. If you receive a virus alert, although you may think you are doing your friends a favour by warning them, you could be feeding hysteria.

If you are concerned you may have fallen victim, contact the Help Desk at x4357 or email us at itsecurity@brocku.ca

If you have received an email that you believe to be a phishing attempt, please use one of the methods outlined in the below section to report it.

Reporting Methods for Students

  1. From Office 365 email, select the target email to report.
  2. Select the “Junk” dropdown from the ribbon above.
  3. Select “Junk” or “Phishing”.
  4. Select “Report” if asked.

You can also use email to submit junk, spam and phishing emails directly to Microsoft:

  1. Create a new, blank email.
  2. Address the email to the Microsoft team that reviews messages as follows:
  3. Copy and paste the junk or phishing scam message into that email (as an attachment).
  4. You can attach multiple messages to the email if you want to; make sure all the messages are the same type – either phishing scam messages or junk email messages.
  5. Leave the body of the new message empty.
  6. Click Send.

All student email is routed through a Microsoft Antispam / Malware service called Exchange Online Protection. To report spam or phishing attacks, follow one of the above procedures. Microsoft gathers this information to create a blacklist based on feedback from users like yourself.

Reporting Methods for Faculty & Staff

You can also use email to submit junk, spam and phishing emails directly to Microsoft:

  1. Create a new, blank email.
  2. Address the email to the Microsoft team that reviews messages as follows:
  3. Copy and paste the junk or phishing scam message into that email (as an attachment).
  4. You can attach multiple messages to the email if you want to; make sure all the messages are the same type – either phishing scam messages or junk email messages.
  5. Leave the body of the new message empty.
  6. Click Send.

All faculty and staff email is scanned by Microsoft’s Anti-spam & Malware service called Exchange Online Protection. To report spam or phishing attacks, follow one of the above procedures. Microsoft gathers this information to create a blacklist based on feedback from users like yourself.
