Target audience: McGill faculty, students and staff
Phishing is one of the most common ways that cybercriminals gain access to sensitive information, accounts, and systems. Phishing attacks often come as an email, text, call, or post from a trusted sender, company, or organization. This article provides information on how to spot, stop, and report phishing attacks.
ATTENTION:
If you have clicked a link or opened a file attachment in a suspicious email, please call the IT Service Desk immediately at 514-398-3398.
You can quickly report a suspicious email using the Report Message, Report Junk, or Report Phishing buttons in any Outlook app, including Outlook on the web (https://outlook.com/mcgill.ca).
Note: If the email is already in your Junk Email folder, you do not need to report it.
For more details, see Report suspicious emails.
In addition, we invite you to take the Cyber Security Essentials Training course for all faculty, staff and students.
Learn what phishing is, how attackers profit from it, and how they’ll try to phish you by visiting our Phishing 101 page.
A few McGill specifics to keep in mind:
Did you accidentally fall victim to a phishing attack? It can happen to almost anyone, at any time. If you fall victim to phishing through a McGill-provided service such as email or Teams, or if you provide your McGill credentials as part of an attack, it is critical that you report it right away to the IT Service Desk by calling 514-398-3398.
There are common clues that can help you identify a phishing attack. Be on the lookout for these signs:
We know the bad guys can be tricky. If you suspect an email sent to your McGill email is a phishing attack, help us by reporting it right away.
When you access your McGill email through Microsoft Outlook, phishing safety tips at the top of some messages help you determine whether to trust them.
IMPORTANT:
These messages only appear when an email comes from a non-McGill email account. Emails sent from one McGill email to another don't have these messages. Since McGill email accounts can get compromised, you should always assess an email before interacting with it in any way.
"You don't often get email from <email address>."
If an email is sent to multiple people, you might see "Some people who received this message don't often get email from <email address>" instead. When you see this variation, it's very likely phishing.
"<email address> appears similar to someone who previously sent you email…"
"The email address <email address> includes unexpected letters or numbers. We recommend you don't interact with this message."
"This sender might be impersonating a domain that's associated with your organization."
"The actual sender of this message is different than the normal sender."
What should you do when you spot one of these tips?
As with any other message, take an extra minute to review it and look for signs of phishing. If you’re unsure, don’t interact with the email. Instead, look for:
If you suspect an email sent to your McGill account is a phishing attack, help us and our community by reporting it right away.
What should you do if you spot a tip that isn’t listed here?
Microsoft occasionally updates the wording of its safety tips and creates new ones, and we may only discover them when we see them first-hand. Attackers have also created their own fake tips and added them at the top of their emails (hint: these fake tips often try to make the email seem legitimate and safe). If you spot a tip that’s not listed in our article, pay extra attention to what it tells you.
If there’s no tip at the top of an email, does that mean it’s safe?
Unfortunately not. Attackers are wily, and if they manage to compromise a McGill mailbox or compromise a reputable organization or sender, they can send emails that make it through our detection systems and defenses. That’s why it’s always important to think before you click...on anything!
Safe Attachments
Safe Attachments scans all incoming attachments in your email and Microsoft Teams conversations to detect malware and/or viruses. This enhanced attachment scanning might result in very slight delays in receiving attachments.
Safelinks
This feature scans the links in your email and Microsoft Teams conversations and checks them against links that are known to be malicious or fraudulent.
If you do click on a known malicious or fraudulent link, Safelinks will protect you from accessing the content at that link. Instead, you will be sent to a Microsoft page informing you that you have clicked a malicious link. This feature adds an extra layer of protection from phishing, fraud, and malware.
Note: The link preview displays the correct link in Outlook, but other mail programs may show a different URL beginning with can01.safelinks.protection.outlook.com.
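To see where a rewritten link really leads in a mail program that shows only the safelinks address, the original destination can be read back out of the wrapper. The following is an added example, not McGill's or Microsoft's code; it assumes the wrapper carries the destination in a `url` query parameter, and the sample links are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: wrappers live on hosts under this suffix (the page shows
# can01.safelinks.protection.outlook.com) and carry the original
# destination, percent-encoded, in a "url" query parameter.
SAFELINKS_SUFFIX = ".safelinks.protection.outlook.com"
MAX_DEPTH = 5  # also handles a wrapper nested inside another wrapper


def is_safelinks(url: str) -> bool:
    """True only if the host really is under the Safe Links domain."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return parts.scheme == "https" and host.endswith(SAFELINKS_SUFFIX)


def unwrap(url: str) -> str:
    """Return the destination a wrapped URL points to, else the URL unchanged."""
    for _ in range(MAX_DEPTH):
        if not is_safelinks(url):
            break
        inner = parse_qs(urlsplit(url).query).get("url")
        if not inner:
            break  # wrapper without a destination: leave it as it is
        url = inner[0]  # parse_qs has already percent-decoded the value
    return url


def destination_host(url: str) -> str:
    """Host a reader should judge the link by."""
    return (urlsplit(unwrap(url)).hostname or "").lower()


# Constructed sample links (not taken from real mail).
WRAPPED = ("https://can01.safelinks.protection.outlook.com/"
           "?url=https%3A%2F%2Fwww.example.org%2Flogin%3Fid%3D7&data=05%7C01&reserved=0")
# The safelinks name is only a prefix here; the real domain is example.net.
LOOKALIKE = ("https://can01.safelinks.protection.outlook.com.example.net/"
             "?url=https%3A%2F%2Fwww.mcgill.ca")

if __name__ == "__main__":
    for link in (WRAPPED, LOOKALIKE, "https://www.mcgill.ca/it"):
        print(destination_host(link), "<-", link)
```

The host check matches on the end of the hostname, so an address that merely starts with the safelinks name is judged by its own domain rather than by the `url` value it claims.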
In addition to email, scams can also be carried out by phone, text, and other methods. Fraudsters will often impersonate government or law enforcement officials to try to scam you out of large sums of money. Below are some resources from the Government of Canada on how to recognize these scams and help avoid becoming a victim: