Phishing — Pause. Think before you click!
Phishing is a type of attack carried out to steal usernames, passwords, credit card information, Social Insurance Numbers (SIN), and other sensitive data. Phishing is most often seen in the form of malicious emails pretending to be from credible sources such as MtA technology departments or organizations related to the university.
Attackers can use this information to:
- Steal money from victims (modify direct deposit information, drain bank accounts).
- Perform identity theft (run up charges on credit cards, open new accounts).
- Send spam from compromised email accounts.
- Use your credentials to access other campus systems, attack other systems, steal University data, and jeopardize the mission of the campus.
The Phish Tank
- NEVER provide your Password!
Phishing emails targeting campus want your MtA credentials.
Some attackers will set up fake web sites and send emails with an immediate call-to-action that demands you to "update your account information" or "login to confirm ownership of your account".
- DON'T CLICK on Hidden links!
You may receive an email telling you to "click here" to verify your account. Hover over the link (don't click!), or for a touchscreen, press and hold the link (don't tap!) to reveal the actual URL. (Look in the bottom left corner of the browser window.) Don't click on a link unless it goes to a URL you trust.
- REJECT if you question the Sender!
You may receive an unexpected e-mail that claims to be from the "Help Desk" or someone you know saying you must click a link to prevent problems with your account.
The only time we will ask you for account information is when you initiate contact with the Helpdesk. We will only change your password, if you call us, we do not send passwords via e-mail.
- STOP if it looks Urgent!
If it says it's urgent, don't panic and don't be too quick to click on email links or attachments, even if the message looks urgent and threatening.
If you realize that you have replied to a phishing email, please change your password immediately and contact our Helpdesk.
Never click on a link and provide personal information!
Here are some examples of actual phishing e-mails people have received at Mount Allison. The red circles point out the key indicators that this is a phishing e-mail.
Phishing example 1:
Phishing example 2: