ITS Phishing Bulletin No. 2: Examples of Common Phishing Emails

February 12, 2019

Dear Colleagues:

This is an updated version of the ITS phishing bulletin that went out last week.

It is important for employees to know what actions they should take when they receive a suspected phishing attack email.

Most importantly, employees should be aware that Algonquin College never asks for a username or password via email or texting. Any such email request should always be viewed as immediately suspicious and reported (see Report Phishing section below).

Please see below for examples of different phishing e-mails, including one from Algonquin College. A helpful chart has also been added with a quick list of red flags.

It is crucial that everyone in the College community stays vigilant and knows what to look for. Just one improper click or download can put both personal and work accounts, systems and sensitive information at risk.

What is Phishing?
Phishing is the act of a cyber-criminal using false pretenses to acquire usernames and passwords, credit card information, sensitive personal information and electronic money by masquerading as a trustworthy entity in an electronic communication such as email or texting. Phishing communications often contain links to rogue websites that are infected with malicious software, which is then downloaded to your computer to conduct further cyber-attacks on College networks. The impacts of phishing can be very significant and include account and data theft, data ransomware, identity theft, loss of money, and system compromise, among others.

What Do They Look Like?
If you receive an unexpected or unusual email, carefully examine it before clicking on an embedded link or downloading an attachment.

The following are common attributes of a Phishing email. A visual example is included for each.

1. Spelling Mistakes and Poor Grammar
Phishes often contain obvious spelling mistakes, poor grammar and incorrect email addresses. For example, instead of @algonquincollege.com you may see something like @a1gonqu!ncollage.com.

2. A Sense of Urgency or Importance

Phishing attempts have a sense of urgency or heightened importance. An example could be “Your credit card has been compromised, provide us with your personal information as soon as possible to resolve the issue!”

3. Links and Attachments - Caution
Phishing emails often contain an attachment and/or link. If you were not expecting to receive an email with an attachment, do not open it. If there is a link within the email, hover over it (without clicking on it) and you will be able to determine the true URL.

4. Suspicious Subject and Content From a suspicious Subject line to a suspicious “To:” field, be vigilant for anything that looks out of the ordinary

Red Flag Phishing Chart

Screen grabs from the below chart, courtesy of KnowBe4, identify red flags in different areas of a potential phishing email – including the From, To, Date and Subject field, as well as attachments, hyperlinks and body email content.

Click to View Complete Phishing Red Flag chart (excerpts below)

Report Phishing!

Send a copy of the phishing email (by dragging the entire email to a new email so that we receive full header information) to spamorscam@alqonquincollege.com. Then permanently delete the email by clicking “shift” + “delete”.

Additional Resources
What is Phishing?
What Are The Risks?
Ways to Avoid Phishing Scams
Phishing Examples

Contact
If you any have questions or concerns about an unexpected e-mail or text message, please contact the ITS Service Desk at extension 5555, or by e-mailing 5555@algonquincollege.com.
For more information about information security, please visit the College’s Information Security website: http://www.algonquincollege.com/infosec/

Information Security is everybody’s business.