What is phishing:
Emails, text messages or phone calls that attempt to trick the recipient into providing information or taking an action. Pause and Think before responding or taking action. The attackers are after your passwords, financial info, identity, or money. The reason behind falling for these scams are urgency, desire to please, greed, curiosity, complacency, fear and that is why 1 out of 10 attempts is successful.
How to spot a phishing attack:
Attackers might send emails, text messages, use phone calls, or post messages online in a phishing attack. They might include malware on the website or in an attachment, trying to take over your computer. They can also make fake websites that can ask you to log in, trying to steal your username and password. Hover over the link to see if it is the correct link. Only open attachments that you are expecting and check the file extension (Avoid EXE, COM and VBS).
Common warning signs for phishing:
- If an email appears to come from someone at the University, but has an [External Email] tag, it may be a phishing message. Be extra careful on mobile devices where it may not show the email address.
- The subject line is in all caps
- If an email appears to be sent to a long list of people and not just to you.
- If the email uses a generic greeting, or uses your email address in the greeting. e.g. Dear user, or Dear abc@carleton.ca
- The message asks you to send money, Bitcoin, gift cards, checks, etc.
- Asks you for your password or directs you to a website asking for your password (or personal information)
- There is a call for immediate action – “download this now”, “confirm your email identity now” or “click on the link below”
- Tries to invoke an emotional response to get you to take an action without thinking.
- There are spelling or grammatical errors in the email
Report Phishing button
The Report Phishing button is a Microsoft Add-in that makes it easy for users to report phishing emails to Microsoft and the ITS security team. The Report phishing button will be available on the Outlook desktop app and Outlook on the web.
How to use it
- Select the phishing email
- Click the Report Phishing button
- A pop-up will appear asking if you want to report the phishing email. Select Report or Don’t Report.
Regardless of your selection, the email will be deleted from the inbox and moved to the deleted items folder.
If you report an email in error, you can retrieve the email from your Trash/Deleted Items.
Note: The button will appear in a different location in the Outlook desktop app versus Outlook on the web.
Phishing button – desktop application:
The phishing button will appear in the main menu at the top right as shown below.
Phishing button – Outlook on the web (browser window):
The phishing button will appear at the top right of an opened email as shown below. If you don’t see it, click the “More actions” menu (…)
When to use it
Click the Report phishing button anytime you believe you have received a phishing email or any potentially dangerous email. Any emails you report using the Phishing report button will be automatically deleted from your inbox and moved to the deleted items folder. The emails you report will also be forwarded to the Security team for analysis and to Microsoft to improve the filtering rules.
Note: This button should only be used to mark emails with malicious intent. Other nuisance emails, such as spam or marketing emails, should be flagged using the “Junk Email” feature.
When in doubt, please contact the ITS Service Desk for assistance: Information Technology Services
For more information on scams and how to protect yourself, visit the Canadian Anti-Fraud Centre.
A complete course on phishing: Phishing: General Course
A short course on phishing: Phishing – Six Clues That Should Raise Your Suspicions
Test your Phishing detection skills: Mass Market Phishing
Real phishing attempts using emails: