Pop quiz: 鈥淧hishing鈥 is:
a) A typo for 鈥渇ishing鈥
b) Travelling to attend concerts from your favourite jam band
c) A criminal activity carried out by fraudsters attempting to obtain sensitive information such as passwords and credit card details
The answer, of course, is c.
Phishing, sadly, is a reality of Internet life in the 21st century. Each of us can recall countless mysterious emails, tweets or websites inviting us to reply, click or offer up our password. And we think we know what to do about them: don鈥檛 reply, don鈥檛 click, delete.
But Dal鈥檚 information security manager says it鈥檚 more important than ever to be diligent about phishing 鈥 because the phishers are getting smarter.
鈥淭his new generation of scammers aren鈥檛 sending emails about fake inheritances or that sort of old-fashioned trick,鈥 explains John Bullock with Dal Information Technology Services. 鈥淚nstead, they鈥檙e building emails that look like they鈥檙e coming from your bank, your government 鈥 or your university.鈥
Never give out your password
Bullock says it鈥檚 difficult to pin down exact volumes when it comes to scam emails, but generally ITS has seen an increase in recent years in the number of scam emails purporting to be from 鈥淒alhousie.鈥 To make it seem like they鈥檙e coming from the actual university, the emails can use images of the university or phrases like 鈥淢yDal鈥 or 鈥淗elp Desk.鈥 Some pull factual details from Dal鈥檚 Wikipedia page to seem more real.
One sure-fire way to know that these emails are fake is that many ask for your password.
鈥Dalhousie will never ask for your password by email, nor will any reputable organization,鈥 says Bullock.
But not all phishes have such a clear 鈥渢ell鈥 that gives them away. That鈥檚 why Bullock advises never to click links in any email that you weren鈥檛 expecting, or links that give you even the slightest suspicion. And just because you recognize the sender doesn鈥檛 always mean its safe: 鈥渇rom鈥 and 鈥渞eply-to鈥 fields can be faked, and phishers do research so the message resonates with their intended victim.
鈥溾橞etter safe than sorry鈥 is always the best approach, whether it鈥檚 an email, a mysterious tweet or something else,鈥 says Bullock. 鈥淚f you鈥檙e at all suspicious, either delete the message, visit the official website manually in your web browser and navigate down from there, or pick up the phone and call or text the person or office who sent it.鈥
Protecting your information
The consequences of getting phished through your Dal account are serious, both for you and for the university. Your email account and passwords could be used for fraud or illegal activity, or your computer could be attacked with 鈥渄rive-by-download鈥 software that allows others to use it. On Dalhousie鈥檚 end, the more @dal.ca accounts are used for phishing scams, the greater the risk that the university domain could be 鈥渂lacklisted鈥 by other companies and email service providers, preventing Dal email from reaching them.
鈥淕etting caught in a phishing scam affects you, your friends and colleagues and the entire Dal community,鈥 says Bullock. 鈥淭hat鈥檚 why constant vigilance is so necessary.鈥
Avoiding phishing
- Delete requests for your password
- Don鈥檛 click links or open attachments in unexpected email
- Be suspicious of any requests for financial information
- Do not fill out forms embedded in email messages
- Keep your web browser and plug-ins up-to-date
- Avoid clicking links in private messages on social media sites that you were not expecting
- If you think you have been phished, .