October is Cyber Security Awareness Month! Enrol in our Security Awareness Course through Brightspace to learn more about staying safe online, and for a chance to win a pair of Airpods or Ravens merch.

What is phishing?

Phishing is a cyberattack that leverages fraudulent emails, SMS texts, and phone calls to deploy malicious software to your device or to solicit sensitive information from you. These phishing attacks can be effective as the communication appears to be from a reputable institution, organization, or person.

How do you identify a phishing attack?

Always remember to look out for something that might be off or unusual; being cautious goes a long way. An email, SMS text, or phone call might be phishy if:

  • You notice a lot of spelling and grammar errors
  • The email or SMS text uses a generic greeting instead of addressing you
  • The email address has very subtle misspellings of legitimate domain names (e.g., example@gnnail.com instead of example@gmail.com)
  • The sender claims to be affiliated with a reputable organization but their email is sent from a public email domain (e.g., example@gmail.com, example@hotmail.com, example@yahoo.com)
  • The email appears to be sent to a long list of people instead of just you
  • The subject line is in all caps
  • The caller’s voice has a robotic tone or unnatural rhythm to their speech
  • The call has poor audio quality
  • You don’t recognize the sender’s name, email address, or phone number
  • The offer sounds too good to be true
  • The sender or caller requests payment (e.g., Bitcoin, e-transfer, cheques, giftcards, etc.)
  • The sender or caller requests your personal or confidential information
  • There is an urgent call for action (e.g., “download this now to claim your free car”, “click on the link below to prevent closure of your account”)

How can you tell if you have been phished?

If you have recently engaged with a suspicious email, text message, or phone call, you can check for signs of a compromised device and account to determine if you have been phished.

Compromised device: If you have downloaded attachments, or clicked on links from a potential phishing attack, you might have unknowingly infected your device with malware. Your device might be compromised if:

  • Your computer slows down, crashes, or displays repeated error messages
  • System settings have been changed without your input
  • You experience frequent pop-up windows
  • You observe browser plugins, add-ons, or toolbars that you didn’t install
  • Your internet searches are redirected to unwanted websites
  • There are changes to your home page
  • Your web camera light is on, even when you’re not using it for video calls or recordings
  • Your cursor starts moving by itself
  • Confidential data has been leaked

Compromised account: If you have provided sensitive information in response to a potential phishing attack, this data can be used to access your personal accounts (e.g., social media, email, online banking). Your account might be compromised if:

  • You receive a notification alerting you of a log in attempt
  • You discover your password doesn’t work anymore
  • Your friends and family are receiving emails or messages that you didn’t send
  • Different IP addresses show up on your activity log
  • There are unfamiliar transactions on your bank or credit card statements
  • Confidential data has been leaked

What should you do if you have been phished?

Once you suspect that you have been phished, the first course of action is to submit a ticket to the ITS Service Desk using any of the methods listed on Carleton.ca/its/contact.

Our Information Security professionals may recommend the following measures:

Stay Cyber Secure Year Round

Cyber security doesn’t end after October, so watch the ITS web site and @Carleton_IT on Twitter for information about new campaigns, tips and tricks as they become available.

If you have any questions, please contact ITS Security.

Thank you in advance for your participation!

Text on image reads: You got phished, here's what to do next. Fight phishing!