What is spam / phishing?
Spam is unsolicited, irrelevant, or inappropriate messages sent on the Internet to a large number of recipients. Most often, spam comes from corporate advertisements. Look for an unsubscribe or opt-out link at the bottom of these emails.
Phishing is a scam that tries to trick you into revealing personal and sensitive information such as login credentials and banking details. Attackers usually do this by pretending to be someone or some company that you know and trust. They might sign the email in someone else's name, or they can take it one step further and spoof the sender's address.
How can I tell if an email is phishing or legitimate?
If you are ever unsure about an email you receive, forward the message to phishreport@ufv.ca and our Cybersecurity team will investigate.
Step 1: Look at the sender’s full email address – In Outlook, you may hover your mouse cursor over the profile image to see the full address. Ask yourself:
- Do I know this person or organization?
- Does the email domain (@example.com) look right?
- Does the address make sense compared to the name of who sent it? E.g., if it's claiming to be a UFV employee but sent from an unknown Gmail address, this should raise caution.
Step 2: Look at the content of the message.
- Are there obvious grammar, spelling or punctuation issues?
- Does the tone of the message sound right?
- Is the message attempting to elicit certain emotions or sense of urgency? Most often, attackers rely on:
- Greed – offers money, gift cards or rewards for clicking a link or providing information
- Curiosity – promises an exciting outcome, or is just weird enough that you might be tempted to open it
- Fear – threatens negative consequences, like shutting down an account, blackmail, or legal action
- Urgency – requires quick action or gives a short deadline
Step 3: Investigate the links in the content, and attached files. (Be careful not to accidentally click a link!)
- Do the links in the email body go to reputable sites? You can hover over the links to see where they really lead - if you want to go to a particular site, going directly there in your web browser (rather than clicking on a link from an email) can help reduce the risk of being phished.
- Were you expecting an attachment?
- Does the file name of the attachment look appropriate?
- Does the file type (extension) look appropriate? E.g., if you expected to receive a PDF (.pdf), but the file is an executable (.exe), this should raise caution.
External Resources
These external resources are great for learning more about spam, phishing, and email security: