OVERVIEW
Target audience: McGill faculty, students and staff
Phishing is the fraudulent process of attempting to acquire sensitive information by pretending to be a legitimate/trusted organization or institution. This article provides information on how to recognize, prevent and report phishing attacks.
In this article:
Introduction to Phishing
Phishing attempts appear in many forms, including but not limited to: email, popup windows, instant messages, and phone calls. These often involve trying to make you click on a link that leads to a fraudulent website, where you will submit the desired information.
- McGill will never contact you by email or phone and ask you to provide confidential information, nor will they request you to log onto a website to do so.
- Phishing attempts can be convincing, often using content (images, words, logos) taken from legitimate websites. If in doubt, verify: call the organization that the message appears to be from and confirm that they did indeed send it.
ATTENTION:
If you have already clicked a link or opened a file attachment in a suspicious email, please contact the IT Service Desk immediately by calling 514-398-3398.
You can quickly report a suspicious email by using the Report Message, Report Junk, or Report Phishing buttons in any Outlook app, including Outlook on the web (https://outlook.com/mcgill.ca).
Note: If the email is already in your Junk Email folder, you do not need to report it.
For more details, see Report suspicious emails.
Phishing can happen to anyone: How to recognize a phishing attack
Did you accidentally fall victim to a phishing email? It can happen to almost anyone, at any time. If you do get hooked by a phishing attack it is critical that you report it right away!
Recognize a Phishing Attack before you take the bait:
There are common clues that can help you identify a phishing attack as soon as it hits your inbox. Be on the lookout for these signs:
- Offers that are too good to be true.
- Messages that create a strong sense of urgency.
- Emails that appear to be work related but use a personal email address, such as @gmail.com.
- The language, tone, or signature is inconsistent with the supposed sender.
- Emails that pressure you to bypass or ignore our security policies.
- Emails that contain a generic greeting such as “Dear Customer.”
- Messages that try to invoke curiosity or fear.
We know the bad guys can be tricky. If you suspect an email is a phishing attack, or you think that you may have fallen victim to one, help us by reporting it right away.
The 7 red flags of phishing
Other types of scams
In addition to email, scams can also be facilitated by phone. In these cases, the fraudsters will often impersonate government or law enforcement officials in an attempt to scam you out of large sums of money. Below is some information from the Government of Canada on how to recognize these scams and help avoid becoming a victim:
- Protect yourself from immigration fraud
- Protect yourself from scams and fraud
- Extortion: Telephone calls targeting the Asian community
- Learn to avoid telemarketing fraud
ADDITIONAL REFERENCES: