Every day, members of the UBC community receive messages by email, text, and phone. These communications keep us connected, but they also open doors to phishing attacks that rely on human behaviour rather than technical weaknesses. Phishing succeeds because it targets how we think, feel, and react.
Understanding why we sometimes click before we think is one of the most important steps toward keeping our systems, data, and people safe.
How Our Minds Get Tricked
Phishing—whether by email (phishing), text (smishing), or phone (vishing)—is effective because it takes advantage of normal psychology. Instead of trying to break through strong systems, attackers try to persuade us to act against our own best interests.
- Mode 1: Fast, emotional, and instinctive. It helps us take quick action and make snap decisions.
- Mode 2: Slow, logical, and deliberate. It steps in when we need to concentrate or solve a problem.
Phishing messages are designed to trigger Part One—our instinctive system—so we react quickly instead of pausing to analyze. When urgency or emotion drives us, we are more likely to overlook clues, skip verification, and click.
Practical Steps: Activating Your Logic Centre
The most effective defence is pausing long enough to engage logical thinking. When something feels urgent, emotional, or too good to be true, it’s a signal to slow down and look more closely.
Here are practical ways UBC faculty and staff can protect themselves and the community:
| Pause and Verify | If a message asks you to act urgently or involves sensitive information, take a moment to think. Ask whether this request fits normal expectations. |
| Use Official Channels | Don’t click the link or call the number in a suspicious message. Instead, contact the sender through official information—for example, through your regular work contacts or by navigating directly to a known website. |
| Know the Rules | Legitimate organizations will not ask for passwords or other personally identifiable information through email or text. Requests for items like credit card numbers or government IDs are major red flags. |
| Report UBC-Affiliated Scams | If you receive a suspicious text message claiming to come from UBC, forward the message to security@ubc.ca. |
| Stay Informed | Training is a powerful tool. Courses such as the Privacy & Information Security – Fundamentals training help build awareness. The Privacy Matters @ UBC microlearning hub was designed to make privacy and cybersecurity learning bite-sized, engaging, and memorable. Each module focuses on practical, real-world situations so you can quickly build awareness and confidence. |
Your Mind Is Your Strongest Firewall
Phishing is fundamentally psychological. It targets our trust, our emotions, and our instinct to react quickly. At UBC, protecting our information and systems is central to supporting our learning, research, and administrative work.
By recognizing the emotional triggers behind phishing attempts and pausing before we act, each of us can make a difference. Every message presents a choice: react or reflect. When we choose to slow down and think critically, we strengthen our collective security.
Together, we help protect the people, information, and mission that make UBC thrive.
Always remember: your attention is one of the most powerful security tools you have.