During this time of the year, especially while we are heading towards the holiday season, the number of phishing messages has increased greatly.

ITS wants to remind all members of the Carleton community to be extra vigilant with any email messages you receive, or any websites that you visit.

Phishing attempts may look like the message came from a colleague, supervisor, manager, or other university official, or even a spoofed email address that looks exactly like your own address.

They may look like a meeting or video conferencing request, an invoice or other document, an offer for services or products on sale, a note claiming you have won an award or prize, or a call for help or assistance.

How can you tell if emails or online posts are scams?

  • The email appears to come from someone at the university but has an [External Email] The tag is highlighted in yellow and is in square brackets, as seen below:

  • The sender asks you to send money or other forms of currency or vouchers such as Bitcoin, gift cards, cheques, etc.
  • The email asks you for your password or directs you to a webform asking for your password
  • The subject line is in all caps
  • There is a call for immediate action (ie. “download this now” or “confirm your email identity now”)
  • There is a request to deposit your money, start a claim or “click on the link below”
  • There are spelling or grammatical errors in the email

If you respond to phishing messages, you may be asked to purchase gift cards or Bitcoins for the individual. Do not send gift cards or other monies, and do not reply or respond to the message or engage with the individual.

If you have already responded to a phishing email, please contact the ITS Service Desk immediately.