Phishing
(this article was adapted from UMass Amherst)
What is Phishing?
Phishing refers to different types of online scams that ‘phish’ for your information, such as passwords, social insurance numbers, bank account information, credit card numbers, etc.
These messages claim to come from a legitimate source, sometimes even the College or a friend! They may fake the email address, logo, etc. In some sophisticated attacks known as spear phishing, the scammers may have already collected information about you and use it in the message to make it more convincing.
What are the risks?
By responding to these emails, you provide access to your email, which will probably then be used to send more phishing emails to your colleagues and friends.
Other risks are:
- Identity theft: Once you provide your personal information in response to a phishing attempt, this information can be used to access your financial accounts, make purchases, or secure loans in your name.
- Virus infections: Some fraudulent emails include links or attachments that, once clicked, download malicious software to your computer. Others may also install keystroke loggers that record your computer activity.
- Loss of personal data: Some phishing attacks will attempt to encrypt files on your computer and shared drives (see article on ransomware).
- Compromising institutional information: If your College account is compromised, scammers may be able to access sensitive institutional information.
How to recognise Phishing?
Our email spam filters will intercept some fraudulent emails, but they are not foolproof. It is critical that you learn to identify phishing scams and take the appropriate steps to protect your computer and your information. Signs of phishing include:
- No signature or ‘generic’ signatures: Emails from the IST department are always signed with the official Dawson College logo, a person’s name, and the department’s name: Information Systems and Technology.
- An invitation to click on a link to reset or validate a password/account: The IST department never sends links to change or validate an account/password.
- Ultimatum: An urgent warning attempts to intimidate you into responding without thinking. ‘Warning! You will lose your email permanently unless you respond within 7 days’.
- Incorrect URLs: Scammers may obscure URLs by using hyperlinks that appear to go to a reputable site. Hover your mouse over any suspicious links to view the address of the link. Illegitimate links often contain a series of numbers or unfamiliar web addresses.
- Too good to be true offer: Messages about contests you did not enter or offers for goods or services at an unbelievable price are likely fraudulent.
- Style inconsistencies: Pop-up windows that claim to be from your operating system or other software may have a different style or colors than authentic notifications. Messages that claim to be from a reputable organization may be missing branding aspects such as a logo.
- Spelling, punctuation, or grammar errors: Some messages will include mistakes. ‘Email owner that refuses to update his or her Email, within Seven days’
- Attention-grabbing titles: “Clickbait” titles (e.g., “You won’t believe this video!”) on social media, advertisements or articles are sensationalist or attention-grabbing and sometimes lead to scams.
Some examples of phishing emails received in the College are found here.
To get some practice at recognising phishing emails, we recommend you take a quiz from SonicWall or OpenDNS.