Recognizing Phishing
Email accounts are constantly targeted with phishing messages, so it is critical that everyone is able to recognize, and properly react to, these messages.
What is phishing?
Phishing, a type of social engineering, is an attempt to get you to do something you shouldn't do by sending you a compelling message. The senders may be after your username and password, personal or confidential information, money, control of your computer or mobile device, or something else.
Why doesn't our email system block all phishing attempts?
Our email systems automatically block the majority of phishing messages we receive, but no system is perfect. The phishing messages that do get through are often put into the Junk folder, but not always. As a result, some phishing messages will reach your inbox.
Attempts to block all possible attacks invariably lead to blocking too many legitimate messages.
How can I identify phishing messages?
While a well-designed phishing attempt can sometimes be difficult to identify, these messages typically have some common indicators. Sometimes a safe message will fail one or more indicator tests, and sometimes a phishing message could appear to pass the tests, but these indicators are still a powerful tool for evaluating messages.
Some common phishing indicators:
- A requirement for an urgent action to avoid something bad happening. They want you to act on impulse, so always stop and think before you act.
- An offer that looks too good to be true. Is someone really sending you free money?
- Found in your Junk or Spam folder. The mail system put it in there for a reason, so exercise a little extra caution.
- Unusual or unexpected To and/or From addresses. Do the sender and the other recipients make sense for this message?
- Links to strange URLs. Phishing often uses hacked websites belonging to other organizations; the real destination can usually be seen by hovering your mouse over the link. These pages will often look exactly like the login page you are expecting, but the URL will give it away. For more information please visit our Decoding Links & URLs page.
- Unexpected file attachments. If you weren't expecting it, think twice about opening it. Opening the wrong file can easily infect your computer, even with antivirus software installed.
- Poor spelling and/or grammar. Often the people writing these messages don't seem to have a good editor on staff.
- Inconsistency with previous messages. If the message seems inconsistent with previous messages from that sender, you should be suspicious.
- Requesting confidential or personal information by email. We will never ask you to send us your password by email.
- Does something seem wrong about the message? Trust your instincts. If it doesn't feel right, it is probably phishing.
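As an added example (not part of this AU page and not an AU tool), the short Python checker below applies several of the indicators listed above to a message: an unexpected sender domain, urgency wording, a request to verify your account or password, link text that does not match where the link actually goes (what you would see by hovering), and attachments. The expected sender domain, the phrase lists and the two sample messages are constructed assumptions for illustration; a real message may pass or fail these checks and still need the judgement described on this page.

```python
"""Indicator checker for email messages (illustrative example, not an official tool).
Runs offline against two constructed sample messages embedded below."""
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption for the example: mail claiming to be from the organization should come from here.
EXPECTED_SENDER_DOMAINS = {"athabascau.ca"}

# Phrase lists are constructed for the example; tune them for your own environment.
URGENCY_PHRASES = ("within 24 hours", "immediately", "will be suspended", "act now", "urgent")
CREDENTIAL_PHRASES = ("password", "verify your account", "confirm your login")


class LinkExtractor(HTMLParser):
    """Collect (visible link text, href) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def registrable_domain(host):
    """Crude 'last two labels' domain, good enough for this example (not a public-suffix lookup)."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def check_message(raw):
    """Return a list of indicator findings for one RFC 5322 message (empty list = none found)."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # Indicator: unexpected From address.
    sender = parseaddr(msg.get("From", ""))[1]
    sender_domain = sender.rpartition("@")[2].lower()
    if sender_domain not in EXPECTED_SENDER_DOMAINS:
        findings.append(f"unexpected sender domain: {sender_domain}")

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    lowered = text.lower()

    # Indicators: urgency and requests for credentials.
    if any(p in lowered for p in URGENCY_PHRASES):
        findings.append("urgency language")
    if any(p in lowered for p in CREDENTIAL_PHRASES):
        findings.append("asks for credentials or account verification")

    # Indicator: link text that does not match the real destination, or points off-site.
    if body is not None and body.get_content_type() == "text/html":
        parser = LinkExtractor()
        parser.feed(text)
        for shown, href in parser.links:
            host = urlparse(href).hostname or ""
            shown_host = None
            if "." in shown:  # the visible text itself looks like a URL or hostname
                shown_host = urlparse(shown if "://" in shown else "http://" + shown).hostname
            if shown_host and registrable_domain(shown_host) != registrable_domain(host):
                findings.append(f"link text '{shown}' actually points to {host}")
            elif registrable_domain(host) not in EXPECTED_SENDER_DOMAINS:
                findings.append(f"link to unexpected site: {host}")

    # Indicator: attachments you were not expecting.
    if any(part.get_filename() for part in msg.iter_attachments()):
        findings.append("unexpected attachment")
    return findings


# Constructed sample: a typical credential-phishing message.
PHISH_SAMPLE = """From: IT Help Desk <helpdesk@athabascau-support.example>
To: staff@athabascau.ca
Subject: Action required: mailbox quota exceeded
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your mailbox will be suspended within 24 hours unless you verify your account.</p>
<p><a href="http://login.example.net/au/">https://myau.athabascau.ca/login</a></p>
</body></html>
"""

# Constructed sample: an ordinary internal notice.
CLEAN_SAMPLE = """From: IT Help Desk <helpdesk@athabascau.ca>
To: staff@athabascau.ca
Subject: Help desk hours
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8

The help desk closes at 4pm on Friday.
"""

if __name__ == "__main__":
    for name, sample in (("phish", PHISH_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(name, check_message(sample))
```

The findings are indicators, not a verdict: a legitimate external link will be reported as "unexpected site", which is exactly the point of the hover check on this page, and a message that trips no rule still deserves the "does something seem wrong?" test.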
A 'Don't Get Hooked!' poster is also available. It provides similar information on phishing from another source. You can also bookmark it, or print it, as a quick reference.
Another method that may help is to try asking yourself what you would tell a family member, friend, or co-worker if they told you they received this message.
What do I do if I looked at the indicators and still can't tell if this is a phishing message?
Sometimes it is really hard to determine if a message is phishing or not. The best method is to contact the sender by phone to confirm, but never use any phone numbers provided in the questionable message.
AU Faculty & Staff: If you receive a possible phishing message at your @athabascau.ca email address, and are still unsure about it, you can forward it to phishing@athabascau.ca for review. We will respond with our assessment of the message within one business day. We may also use the message to adjust our filters to better identify these messages. Please do not send messages you have already identified as phishing, or unwanted advertising (spam); this address is only for messages where you are unsure.
Remember: if you are unsure about a message, and there is no time to check its validity before you have to act, there is a very good chance it is a phishing message.
I've identified a phishing message, what should I do with it?
If it is not already in your Junk folder, you should mark it as Phishing, Junk, or Spam, depending on the options available in your preferred mail client. For example, in the Office 365 Outlook web interface, you will find a Junk pull-down menu near the top of the page when you have a message open. This pull-down includes both Junk and Phishing options.
Once it is correctly marked as Junk or Phishing, you can delete it.
I think I was successfully phished, what do I do?
It is essential that you take action as soon as possible if you think you were the victim of a phishing attack. Here are some actions you should take immediately:
- Contact the AU IT Help Desk if any of your AU accounts or your AU computer were potentially compromised, so we can help.
- If the compromise involved non-AU accounts or information, contact support at the relevant organization. For example, if your credit card number may have been compromised, contact your credit card provider using the phone number on the back of your card.
- Turn off any computers or devices that may have been accessed or infected by malicious third parties, and leave them off until a qualified IT professional has ensured they are safe.
- Change the passwords to any accounts that may have been compromised. If you use the same password for multiple sites, you need to change the passwords at the other sites as well. Never use that password again.
Online Course
A short online course is available for faculty and staff. Please visit the Online Training Courses page for more information.
Other Resources
Join the Discussion
A Yammer group has been created for AU Team Members to discuss cybersecurity related topics. Please join the discussion.
Yammer Cybersecurity Awareness Group
Updated October 09, 2020 by Digital & Web Operations, University Relations (web_services@athabascau.ca)