OVERVIEW
This article describes how to protect yourself from phishing email scams, which aim to steal your personal information.
What is Phishing?
TIP
Under no circumstances will SFU ask its users to provide or confirm their computing ID and password by email. Never send your SFU account credentials to anyone.
SFU, like many other universities, is a regular target of "phishing" attacks. Phishing is an attempt to acquire sensitive personal information, such as usernames, passwords and banking details, by masquerading as a trustworthy party in an electronic communication. Phishing is typically carried out by email or instant messaging and usually directs users to enter their details on a website or in an email reply.
The term phishing is a variant of fishing and alludes to the use of increasingly sophisticated baits used in the hope of a "catch" of personal information.
SPOTTING A PHISHING ATTEMPT
Above is an example of a phishing attempt sent from a compromised SFU account.
TIP
Phishing scams always attempt to steal personal information. Treat any request for your personal information as suspicious and check it against the indicators below.
1. The Sender
The Sender: The contents of the email message should match who sent it, and the sender's address should end with "@sfu.ca". For example, IT-related messages should come from an SFU IT staff or role account ending with "@sfu.ca". An "@sfu.ca" address alone is not proof of legitimacy: the example above was sent from a compromised SFU account, so the sender still has to make sense for the message.
Ask yourself, does it make sense for this individual to send the contents of this message, and was it sent from an SFU email address? In this example, a student account was sending a message about assistance programs, which should raise red flags.
2. Format or layout
Format or Layout: Official SFU messages put considerable effort into not looking like phishing email. This includes an introduction, additional context and supporting points, and proper use of SFU logos, fonts, highlighting and punctuation.
Ask yourself, does this message contain sufficient information and proper formatting? In this example, there is insufficient context about why you are eligible, and the SFU logo and punctuation are used oddly.
3. Honeypot or Threatening Language
Honeypot or Threatening Language: Phishing emails tend to use language that entices or threatens the user into taking urgent action before a deadline, whether by promising a reward or warning of a consequence.
Ask yourself, is this too good (or too bad) to be true, and am I being rushed? In this example, the message baits users into providing their information in exchange for a financial incentive.
4. Grammar Errors or Awkward Phrasing
Grammar Errors or Awkward Phrasing: As in Point #2, official SFU messages put considerable effort into avoiding grammar errors and awkward phrasing. Mistakes do happen, but a large number of typos, grammar errors or awkward phrases, especially paired with a call to action, can indicate a phishing attempt.
Ask yourself, are there typos, grammar errors or awkward phrasing in the message? In this example, there are many instances of incorrect punctuation and awkward phrasing.
5. External Links or Suspicious Attachments
External Links or Suspicious Attachments: Official SFU messages make a conscious effort to tell readers where links will take them and whether there are attachments. Any form links should point to an SFU service, such as SFU's Microsoft Forms or SurveyMonkey. Hover over (or long-press) a link to see its real destination before clicking; the displayed text of a link can say anything.
For attachments, in most cases they should be office files: .docx, .xlsx, .pdf, .pptx. Be wary of any non-office file unless you are expecting it, and treat even an office file with suspicion if you were not expecting it.
Ask yourself, does this link take me to a website I have never seen before? Am I being asked to open an attachment I wasn't expecting? In this example, the phishing message tries to persuade users to go to an unknown web form and fill in their personal information.
6. Odd sign off and signature
Odd Sign Off and Signature: The signature of the email message should match the account that sent it. As in Point #2, the sign-off should be professionally written and formatted.
Ask yourself, does the signature look strange, and does it match the sender? In this example, the sign-off does not match the sender, and the signature does not look professional.
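The indicators above that can be checked mechanically (the sender and Reply-To address, urgency or bait language, external links and non-office attachments) are shown below as an added example checker; it is not code from the original article or from SFU IT Services. The sample messages are constructed for illustration, and the trusted-domain list and keyword patterns are assumptions, not SFU policy. Indicators 2, 4 and 6 (layout, grammar and signature) still need human judgment.

```python
"""
Added example (not from the original SFU article): apply the machine-checkable
phishing indicators from the list above to a raw email message.
"""
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed trusted domains: SFU mail plus the SFU form services named in the article.
TRUSTED_DOMAINS = ("sfu.ca", "forms.office.com", "surveymonkey.com")
# Attachment types the article treats as ordinary office files (indicator 5).
OFFICE_EXTENSIONS = (".docx", ".xlsx", ".pdf", ".pptx")
# Assumed urgency / bait phrases (indicator 3); tune to your own environment.
URGENCY_PATTERNS = (
    r"\bwithin \d+ hours?\b", r"\bimmediately\b", r"\burgent(ly)?\b",
    r"\b(grant|reward|refund|prize)\b",
    r"\bwill be (forfeited|suspended|locked|closed)\b",
)
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

# Constructed sample resembling the article's example: an SFU account
# advertising an assistance program, with an outside Reply-To, an external
# form link and a non-office attachment.
SAMPLE_PHISH = """\
From: "SFU IT Services" <jdoe123@sfu.ca>
Reply-To: sfu-support@mail-forms.example
To: student@sfu.ca
Subject: Student assistance program - action required
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

You have been selected for a $1,500 student financial assistance grant!
Confirm your details within 24 hours at http://sfu-assist-forms.example/claim
or your award will be forfeited.

Regards,
Janet, Financial Aid Office
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="assistance-form.zip"

UEsDBAo=
--b1--
"""

# Constructed sample of an ordinary notice that should raise no warnings.
SAMPLE_LEGIT = """\
From: "SFU IT Services" <its-help@sfu.ca>
To: student@sfu.ca
Subject: Scheduled maintenance notice
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: text/plain; charset="utf-8"

Please see the attached notice about scheduled maintenance this weekend.
Details: https://www.sfu.ca/information-systems
--b2
Content-Type: application/pdf
Content-Disposition: attachment; filename="notice.pdf"

JVBERi0=
--b2--
"""


def domain_of(address: str) -> str:
    """Lower-cased domain part of an email address ('' if there is none)."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def is_trusted_domain(host: str) -> bool:
    """True if host is a trusted domain or a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def check_message(raw: str) -> list[str]:
    """Return human-readable warnings for every indicator found in the message."""
    msg = message_from_string(raw, policy=policy.default)
    warnings = []

    # Indicator 1: the sender. The address should be an SFU address, the display
    # name must not smuggle in a different address, and a Reply-To that sends
    # answers to another domain is suspect.
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    if not is_trusted_domain(domain_of(from_addr)):
        warnings.append(f"From address is not an SFU address: {from_addr}")
    if "@" in from_name and from_name.lower() != from_addr.lower():
        warnings.append(f"Display name looks like a different address: {from_name!r} vs {from_addr}")
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    if reply_addr and domain_of(reply_addr) != domain_of(from_addr):
        warnings.append(f"Reply-To goes to a different domain: {reply_addr}")

    # Gather the readable body and the attachment file names.
    body_parts, attachments = [], []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            attachments.append(part.get_filename() or "")
        elif part.get_content_type() in ("text/plain", "text/html"):
            body_parts.append(part.get_content())
    body = "\n".join(body_parts)

    # Indicator 3: honeypot or threatening language.
    for pattern in URGENCY_PATTERNS:
        found = re.search(pattern, body, re.IGNORECASE)
        if found:
            warnings.append(f"Urgency or bait language: {found.group(0)!r}")

    # Indicator 5: links leaving SFU services, and non-office attachments.
    for url in URL_RE.findall(body):
        host = re.match(r"https?://([^/:]+)", url, re.IGNORECASE).group(1)
        if not is_trusted_domain(host):
            warnings.append(f"Link to a non-SFU site: {url}")
    for name in attachments:
        if not name.lower().endswith(OFFICE_EXTENSIONS):
            warnings.append(f"Non-office attachment: {name}")
    return warnings


if __name__ == "__main__":
    for warning in check_message(SAMPLE_PHISH):
        print("WARNING:", warning)
```

Run against the phishing sample, the checker reports the outside Reply-To, three urgency or bait phrases, the link to a non-SFU host and the .zip attachment; the legitimate sample produces no warnings. A clean result only means the mechanical checks passed, so the remaining questions in the list above still apply.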
How can you protect yourself?
I RECEIVED A PHISHING ATTEMPT
If you receive an email message asking for your SFU Computing ID and password:
- Never provide your computing ID or password by email, no matter how official or convincing the request seems. SFU will never ask you to provide or confirm your computing ID and password by email.
- Don't reply or respond. Simply delete the message or select 'Report' (if available). Even replying with something like "please don't send me spam" confirms to the sender that they have reached a live email address and increases your odds of receiving more spam in the future.
I RESPONDED TO A PHISHING ATTEMPT
If you have responded to a phishing message with your SFU Computing ID and password, change your password immediately. You can change your SFU password at SFU Computing Account. If you used the same password anywhere else, change it there as well, since attackers try stolen credentials on other services.
If your SFU Computing Account has been compromised and subsequently locked, contact IT Services by phone or in-person.
Report Phishing
To report phishing, use Outlook's Report Phishing button. If the button is not available, forward the phishing message to abuse@sfu.ca together with its full message headers; the headers show where the message really came from, which the displayed sender address alone does not.
See the instructions:
OUTLOOK ON THE WEB
- Select the phishing message from the inbox.
- Select Report > Report Phishing.
Thank you for reporting illegitimate messages! Our SFU Exchange administrators will receive the report and will take further action to minimize the impact to our community.
OUTLOOK ON DESKTOP
- Double-click the email message from your inbox to pop-out the message.
- Select File > Properties.
- In the Internet headers box, Right-Click > Select All, then Right-Click > Copy to copy the entire message header.
- Go back to the phishing message and select Forward.
- On the Message Field, Right-Click > Paste to paste the entire message header.
- On the To Field, enter abuse@sfu.ca. Then, select Send.