Phishing has been around for decades, yet it remains one of the most common and effective cyber threats today. Many people picture sophisticated, highly technical attacks—but what often surprises security teams is how well simple, low-effort scams still work.
Phishing is a form of social engineering in which criminals impersonate trusted organizations or individuals to trick people into sharing sensitive information such as passwords, login credentials, or financial details. Understanding why these basic techniques remain successful helps us all strengthen our cyber awareness and protect the UBC community.
Why Simple Scams Still Succeed
Low Cost and High Payoff
Phishing has become highly accessible. Ready-made phishing kits, templates, and infrastructure—sometimes sold as “Phishing-as-a-Service”—make it easy for even inexperienced attackers to launch convincing scams. These kits can mimic legitimate websites and portals, capturing credentials with very little effort.
Because phishing is inexpensive, easy to automate, and requires only one person to click, it continues to be a favourite tactic for attackers year after year.
People, Not Technology, Are the Target
Phishing works because it focuses on human behaviour. These messages are designed to trigger emotional reactions such as worry, urgency, or excitement. A message that insists you must act immediately can short-circuit your usual caution, especially when your day is busy, and you want to respond quickly.
Even experienced, tech-savvy users can fall for a well-timed message that looks familiar or feels urgent. This is why phishing remains difficult to eliminate with technology alone—humans, not machines, are the primary target.
The Stakes Are Higher in a University Environment
In a large institution like UBC, a single successful phishing message can open the door to much larger problems. Stolen credentials can allow attackers to move through multiple systems, potentially leading to data breaches, financial fraud, or ransomware that disrupts operations.
Attackers Increasingly Tailor Their Tactics for Maximum Impact
- Spear phishing: Messages crafted specifically for an individual using personal or professional details to build credibility.
- Business Email Compromise (BEC): Attackers impersonate executives, managers, or trusted vendors to request transfers or sensitive information.
These targeted approaches show how phishing can be both simple in execution and significant in impact.
Practical Steps: How to Protect Yourself and UBC
| Pause and Verify | If a message pressures you to act quickly or something just feels “off,” slow down. A moment of caution can prevent a successful scam. |
| Check the Sender Closely | Look beyond the display name. Subtle misspellings, unusual domains, or extra characters can be signs of typosquatting. Be cautious of generic greetings such as “Dear User.” |
| Hover Before Clicking | Hover your mouse over links (without clicking) to preview where the link really goes. If the address looks unusual, has extra characters, or doesn’t match the organization, it’s safer to avoid it altogether. |
| Confirm Through a Known Channel | If a colleague or organization sends an unexpected request, do not use the contact information in the email. Reach out through a trusted method—such as a known phone number or by navigating to the official website yourself. |
| Use Multi-Factor Authentication (MFA) | MFA adds an essential layer of protection. Even if someone steals your password, MFA can stop them from signing in. |
| Report and Delete Suspicious Messages | Report the suspicious message to security@ubc.ca, then delete the message. Do not click links or reply, even to “unsubscribe.” |
Protecting Our Community
Phishing continues to thrive because it takes advantage of human nature—not because people are careless, but because attackers are persistent and creative. By staying aware and taking simple steps to double-check unusual messages, every member of the UBC community strengthens our shared security.
Your attentiveness helps prevent data breaches, financial loss, and operational disruption. Most importantly, it reinforces a culture of care and vigilance that protects the people, research, and systems that make UBC thrive.