Cybercriminals are updating their skills, but phishing remains one of the most popular forms of cybercrime used to scam individuals and steal financial and personal information. Our best defense is to stay vigilant and informed by familiarizing ourselves with the best practices.

What is phishing?

Phishing

Typically, you receive an email that appears to come from a reputable organization such as a bank. The email includes what appears to be a link to the organization’s website. However, if you follow the link, you are connected to a replica of the website. Any details you enter, such as account numbers, PINs or passwords, can be stolen and used by the hackers.

Spear phishing

Unlike phishing, which involves mass-emailing, spear phishing is small-scale and well-targeted. The hacker emails users in a single business. The emails may appear to come from another staff member at the same company and ask you to confirm a username and password. A common tactic is to pretend to be from a trusted department that might plausibly need such details, such as IT or Human Resources. Sometimes you are redirected to a bogus version of the company website.

Phishing and scam emails

Security and cybersecurity are of the utmost importance for all of us. Unfortunately, scam emails are received very often. Below are some measures you can take if you receive a ransom request by email.

You receive a message in your inbox threatening to distribute intimate photos or videos if you do not pay a bitcoin ransom. The email begins with a convincing detail: a current or former password.

Don’t panic. You received a “sextortion” scam email. It is very unlikely the hackers are in possession of compromising images or videos. They obtained your information from lists with passwords that were stolen or leaked. They send the same message to all users on that list in the hope that some send them the money they are requesting.

Here’s what you need to do:

  • Never pay the ransoms.
  • Do not click on any link and don’t open any attached file. Delete the email right away.
  • Change your passwords for all your accounts.
  • Install updates for all your software and antivirus.
  • Enrol in multi-factor authentication.

Prevent phishing and be alert

Scams regularly circulate and target the University. Be extra vigilant and exercise safe practices:

  • Carefully check all links before clicking them. When in doubt, ask someone around you.  
  • Be suspicious of emails that require you to enter your account and password.  
  • Remember that malicious attempts may come from uOttawa addresses that have been compromised.  
  • Be extra cautious of job offers requiring you to provide your personal information.  
  • Question emails that mention your account, such as it being terminated, requiring you to log in to continue, etc. These are typically fraudulent. Exit the email and contact the Service Desk independently to verify the authenticity of the notice.  

We encourage you to continue to report suspicious emails by using the Report Message function in Outlook.

Given the potential damage phishing attacks can cause, we are reminding everyone to be diligent when dealing with unsolicited electronic communications, links and attachments.