Identifying & Reporting Suspicious Emails

Phishing emails, disguised as legitimate messages, lurk in the depths of our email folders, waiting to deceive the unwary. Recognizing and reporting these suspicious emails isn't just a good practice—it's imperative for safeguarding sensitive information and upholding the integrity of our institution.

Top Tips for Identifying Phishing Messages:

1. Check the Sender's Email Address: Take a moment to scrutinize the sender's email address. Cybercriminals often use deceptive addresses that mimic official domains but contain slight variations or misspellings. Be wary of addresses that seem unfamiliar or suspicious.
2. Inspect the Content: Phishing emails often employ urgent language or alarming requests to manipulate recipients into acting without thinking. Look for inconsistencies or unusual formatting that may indicate a fraudulent message.
3. Beware of Suspicious Links and Attachments: If the link appears dubious or redirects to an unfamiliar website, it's likely a phishing attempt. DO NOT CLICK on the link. Instead, forward it as an attachment to security@ubc.ca.
4. Verify Requests for Personal or Financial Information: Legitimate organizations will not request sensitive information like passwords, social security numbers, or financial details via email. Treat any such requests with skepticism and verify their legitimacy through official channels.
5. Trust Your Instincts: If something about an email seems off or too good to be true, trust your gut instinct. Cybercriminals prey on our emotions and curiosity, hoping to exploit our trust and compromise our security. Report the message by forwarding it as an attachment to security@ubc.ca. If you are working from a cellphone or tablet which makes it difficult for you to forward an attachment, please just forward the email to security@ubc.ca and follow up with the attachment at your earliest opportunity, referencing the Incident ID, which will have been automatically generated.

Why Reporting Suspicious Emails Is Crucial:

Reporting these suspicious messages to the UBC Cybersecurity team at security@ubc.ca is paramount for several reasons:

1. Protecting Personal and Institutional Data: Reporting suspicious emails helps safeguard sensitive information, such as login credentials, financial data, and intellectual property. By alerting the cybersecurity team, you contribute to the collective effort to fortify our university's defenses against cyber attacks.
2. Preventing Further Compromise: Phishing emails often serve as entry points for more sophisticated cyber attacks, such as ransomware or data breaches. Promptly reporting suspicious emails enables UBC Cybersecurity to investigate and mitigate potential threats before they escalate into larger security incidents.
3. Educating the Community: Each reported phishing email provides valuable insights into the evolving tactics employed by cybercriminals. By sharing this information with faculty and staff, the Privacy Matters @ UBC team can enhance awareness and empower individuals to better identify and thwart future phishing attempts.

Go even further: learn how to identify phishing emails generated by AI.