Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

Carleton University Faculty or Staff will not ask you to send account credentials via email.

How can you tell if an email is a Phishing attempt:

  • It asks you for your password or directs you to a web form asking for your password
  • If the link within the body of the message points to a non-Carleton email address
  • The subject line is in all caps
  • There is a call for immediate action – “download this now” or “confirm you email identity now” or “click on the link below”
  • There are spelling or grammatical errors in the email
  • The email offers something too good to be true
  • If the email asks for money or personal information
  • be suspicious of any attachments especially exe or zip files

What to do when you found a phishing email:

  • Do not click on any links or reply to the email
  • Enterprise email systems have a spam and phishing reporting mechanism in which you can tag the email accordingly. In Outlook the email options have a Security Options where you can select ‘report Spam’ and ‘Phishing’.
  • If the security options are not available then simply delete the emails.
  • virustotal.com is a great place to check if links are fraudulent or attachments contain malware

More from CCS: How to spot a Phishing Email