Each year, the McGill community is targeted by hundreds of phishing emails, many of which can be hard to recognize and identify.
So in the coming weeks, IT Services will send out several mock phishing emails to the McGill community as part of a proactive approach to build awareness of phishing. Users who click on the link in one of the phishing emails will be redirected to a page informing them that they have participated in a phishing-awareness exercise. They will be encouraged to take IT Services’ online Security Awareness training and learn how to identify and avoid falling victim to these types of scams.
Phishing is used by cybercriminals to steal personal information, money and data. Typically these scams are carried out by email, texts, websites and phone calls that masquerade as emanating from a legitimate source. Most of the time, they use a scare tactic, such as a warning that your account is about to expire or has been compromised, to get you to click on a link that takes you to a fake website whose look and feel is almost identical to the legitimate one.
Some of the most common phishing scams involve an email that appears to be from a bank, social media, your email provider, and even McGill. You can often spot a phishing email by watching for the following:
• Misspellings and bad grammar: Many phishing scams originate from overseas and they often contain grammar and spelling mistakes. While legitimate organizations do occasionally send out emails with a mistake in them (it happens to us all), if you spot a mistake, pay extra attention to what the email is asking you to do.
• Links in email: If you see a link in a suspicious email message, don’t click on it. Place your mouse (but don’t click) over the link to see if the address matches the link that was typed in the message.
• Threats: Have you ever received a threat that your McGill email account would be closed if you didn’t immediately respond and provide your login credentials? Cybercriminals often use threats that your account will be closed if you don’t take action, or tell you that your security has been compromised.
• Looks similar to a popular website or company email: It’s easy to use graphics in email that have been taken from legitimate websites, so a phishing email or site looks almost like the real one. The links in such an email do not lead to the real site, however. Instead, they take you to a phony site or legitimate-looking pop-up window that steals the information you enter and transmits it to the cybercriminals’ server.