DELETE IT: Don't Get Hooked
What are phishing emails?
People who want to steal your information can be clever. A common trick used by cyber criminals is to send you an email, which appears to come from someone you trust. The email will urge you to click on a link to verify your account, update your “expired” password, or open an important attachment.
A common example of phishing is the notorious Nigerian Prince email scam that promised a gift of a lot of money in exchange for banking information. It may sound like an obvious scam, but these types of phishing attacks are sent to large numbers of random email addresses and people may eventually provide personal information by accident.
Often these messages are marked as Urgent and contain links to sites designed to steal your information or hack your computer. Remember, UBC will never ask you to provide your password.
156 million phishing emails are sent out each day
10% of these emails manage to get through spam filters.*
80,000 people fall for a scam each day
which can result in stolen identities, financial loss, and credit card fraud.*
1How can I recognize a phishing email?
Phishing messages can come in many different disguises, from sophisticated deception to obvious fraud. Watch out for these five common characteristics of phishing emails:
- Sense of urgency and time constraint, very brief
- Requests to verify accounts or credit card numbers
- PDF attachments from businesses
- Poor grammar, spelling and formatting
- Non-UBC Email (“CAUTION: Non-UBC Email” indicator at the top of the body of email)
- Display name does not “match” the email address
- Links that don’t look quite right (e.g. www.u-bc.ca instead of www.ubc.ca)
*Remember: “Think before you click the link”. If you have any concerns about a message or link, don't open the message or click the link. Instead forward it as an attachment to firstname.lastname@example.org
2What if I accidentally fall for a phishing email?
As cybercriminals get more sophisticated with their tricks, it can be harder to recognize phishing emails. If you respond to a phishing email with your password, change it immediately and notify the UBC Information Security team at email@example.com so we can work with you to protect your account.
If you accidentally open an attachment from a suspicious email, delete it immediately (and empty the Recycling Bin on your desktop) and send an email to firstname.lastname@example.org to let them know about the incident.
3How do I report a phishing email?
You should report phishing attempts by forwarding them as an attachment to the UBC Information Security office at email@example.com
For assistance in reporting, see this guide to create quick steps in Microsoft Outlook for Windows to report phishing and remove it in one click.
Similar instructions have also been prepared for removing spam messages
If you see a suspicious email with UBC branding, logos, and language please contact the UBC Information Security office immediately at the email above. When we are made aware of a phishing campaign, we can immediately begin identifying and protecting accounts that may have been compromised.
Fast reporting from members of the UBC community has helped save many accounts from potential privacy breaches.
If you are working from a cellphone or tablet which makes it difficult for you to forward an attachment, please just forward the email to firstname.lastname@example.org and then follow up with the attachment at your earliest opportunity, referencing the Incident ID which will have been automatically generated for you.
Go even further...
For a much more in-depth look at phishing at UBC, you can:Complete the full Fundamentals training to learn how to protect yourself and others
Learn more about dealing with phishing emails at UBC