Phishing Emails

Phishing Emails

How to spot "fishy" emails in your inbox

DELETE IT: Don't Get Hooked

What are phishing emails?

People who want to steal your information can be clever. A common trick used by cyber criminals is to send you an email, which appears to come from someone you trust. The email will urge you to click on a link to verify your account, update your “expired” password, or open an important attachment.

A common example of phishing is the notorious Nigerian Prince email scam that promised a gift of a lot of money in exchange for banking information. It may sound like an obvious scam, but these types of phishing attacks are sent to large numbers of random email addresses and people may eventually provide personal information by accident.

Often these messages are marked as Urgent and contain links to sites designed to steal your information or hack your computer. Remember, UBC will never ask you to provide your password.

156 million phishing emails are sent out each day

10% of these emails manage to get through spam filters.*

80,000 people fall for a scam each day

which can result in stolen identities, financial loss, and credit card fraud.*

* Both statistics from:

1How can I recognize a phishing email?

Phishing messages can come in many different disguises, from sophisticated deception to obvious fraud. Watch out for these five common characteristics of phishing emails:

  1. Sense of urgency and time constraint
  2. Requests to verify accounts or credit card numbers
  3. PDF attachments from businesses
  4. Poor grammar and spelling
  5. Links that don’t look quite right (e.g. instead of

*Remember: “Think before you click the link”. If you have any concerns about a message or link, don't open the message or click the link. Instead forward it as an attachment to

2What if I accidentally fall for a phishing email?

As cybercriminals get more sophisticated with their tricks, it can be harder to recognize phishing emails. If you respond to a phishing email with your password, change it immediately and notify the UBC Information Security team at We will work with you to protect your account.

If you accidentally open an attachment from a suspicious email, delete it immediately (and empty the Recycling Bin on your desktop) and send an email to to let them know about the incident.

3How do I report a phishing email?

You can report phishing attempts by forwarding them as an attachment to the UBC Information Security office at

If you see a suspicious email with UBC branding, logos, and language please contact the UBC Information Security office immediately at the email above. When we are made aware of a phishing campaign, we can immediately begin identifying and protecting accounts that may have been compromised.

Fast reporting from members of the UBC community has helped save many accounts from potential privacy breaches.

Go even further...

For a much more in-depth look at phishing at UBC, you can:

Complete the full Fundamentals training to learn how to protect yourself and others
Learn more about dealing with phishing emails at UBC