Spam and Phishing - Identify an Email

What is spam email? What is phishing?

Spam is unsolicited, irrelevant, or inappropriate messages sent on the Internet to a large number of recipients. Most often, spam comes from corporate advertisements. Look for an 'unsubscribe' or 'opt-out' link at the bottom of these emails.

Phishing
is a scam where you are tricked into revealing personal and sensitive information such as login credentials and banking details. Attackers usually do this by pretending to be someone you know or trust. You can be tricked into thinking an email is really from someone you know, but the sender address has been spoofed. It is commonly used to mislead you (such as in a phishing attempt). Learn more about spoofing here: Email Spoofing

 

How can I tell if an email is legitimate?

Step 1:  Look at the sender’s full email address – In Outlook, you may hover your mouse cursor over the profile image to see the full address. Ask yourself:

  • Do I know this person or organization?
  • Does the email domain (@example.com) look right?
  • Does the address make sense compared to the name of who sent it?

Step 2:  Look at the content of the message.

  • Are there obvious grammar, spelling or punctuation issues?
  • Does the tone of the message sound right?
  • Is the message attempting to elicit certain emotions or sense of urgency?
    • Greed – offers money, gift card or reward for clicking a link or providing information
    • Curiosity – promises an exciting outcome or more information
    • Fear – threatens negative consequences, like shutting off an account or legal action
    • Urgency – requires quick action or gives a short deadline

Step 3:  Look at links in the content and attached files.  (Be careful not to accidentally click a link!)

  • Were you expecting an attachment?
  • Does the file name of the attachment look appropriate?

If you are ever unsure, forward the message to phishreport@ufv.ca and our Cybersecurity team will review the message.

How does UFV keep my email secure?

UFV's cybersecurity team is constantly monitoring our email system to detect spam before it reaches you. We stay up to date on the latest email security threats to ensure our systems are current. However, cybercriminals are getting smarter in the ways they avoid detection so we need your help if something gets through. That's why we made phishreport@ufv.ca: forward suspicious emails to us, and we will take care of the rest.

 

How does spam and phishing impact UFV?

SPAM, phishing, and other scam messages come with real risk and impact. Spear phishing, phishing that is targeted directly at the UFV community, is sent frequently. Most of these attempts are blocked by out spam filters, but some make it through. Because these emails are targeted, they can be hard to spot: they might fake the sending address to look like a UFV email address, or make links that look like real UFV logon pages.

 

Risks:

  1. Leakage of sensitive information - Phishers will disguise themselves as known individuals of victims (e.g. senior management) or trustworthy institutions (e.g. banks) to lure victims to give out their sensitive information such as account names, passwords and identity information. Phishers may further use this sensitive information for malicious purpose (e.g., identity theft) or sell them to third parties.
  2. Malware infections - Links or attachments in phishing emails or phishing websites may contain malware (e.g. key-logger, ransomware and cryptocurrency mining malware). If users click these links or open these attachments, their devices may get infected, which may lead to data leakage, data loss or other financial loss.

Impacts:

  1. Financial loss - With sensitive information obtained from victims, phishers can carry out transactions (such as transferring your money to their accounts). Business operations can be disrupted due to the time needed to respond to incidents or fix an infected device. 
  2. Reputational loss - Phishers can further make use of information obtained from victims to send blackmail, intimidate victims’ contacts or even perform illegal activities (e.g. stealing confidential data), causing legal and liability problems. As for an organisation being attacked, it may suffer reputation damage to its brand, and its clients may move their business elsewhere due to losing trust in the organisation in safeguarding their data.
  3. Data theft - Data, including the data of faculty, staff, and student research and scholarship, is crucial to our community. With the information obtained from victims, phishing attacks can lead to theft of data which can represent millions in research and development costs

 

Details

Article ID: 1884
Created
Thu 9/2/21 1:22 PM
Modified
Mon 1/17/22 11:31 AM