We are starting to see a new tactic with recent phishing messages, where the attacker tries to convince the user that the messages are from a safe sender, see example below:

Please note that this is not a legitimate notice or message provided by the University’s email systems, and should not be trusted.

ITS does add an [External Email] tag to messages that are received from senders outside of the University’s trusted email systems.  This tag, seen below, is a warning to be more cautious with the message.

Some of the recent phishing messages we have seen will have both the ITS [External Email] tag, and the fake safe sender tag, as seen below.  These messages should not be trusted.

Phishing is an attempt of acquiring personal or sensitive information such as credit card information, passwords, etc. by sending an email that appears to be from a legitimate sender.

Here in ITS we will continue to fight the good fight against phishing emails, but your assistance would be extremely valuable in the fight!  Don’t take the bait; if you receive an email that you’re not sure is legitimate, here’s what you can do:

  • hover over the senders email to confirm the address matches the senders name, if they don’t match, delete the email
  • hover over any links to see where they point to before clicking
  • never reply to an email with your password or click on a link to provide your credentials
  • forward the email along to phishing@carleton.ca or contact the ITS Service Desk at its.service.desk@carleton.ca.

Remember, ITS will never ask you for your password!