Information Technology Services

October is Cyber Security Awareness Month! Each week ITS will be releasing important information to keep our community safe online. For more information about this initiative, visit the ITS Cyber Security Awareness page.


Spear that phishing attack before it catches you!

Have you ever seen an email in your inbox with messages like the following:

“Dear Student, We have finished an important update to our campus email server.
Please reconfigure your account by clicking on the following link...”

“IT Help Service has detected something unusual in our web server.
Validate your email account by logging into your account again...”

“Your account is over its storage limit.
You will not be able to receive new email until your re-validate it by clicking on the link below.”

If you have seen something similar, chances are you are being phished.


What is phishing?

Phishing is a form of identity theft where victims are “lured” into giving away sensitive information such as usernames, passwords or banking information, usually through email. These emails are designed to look like they are coming from a trusted source such as a bank, government agency or the university. Besides email, these tech-savvy con-artists may also use pop-up windows or text messages to snag unsuspecting users.

While filters on Queen’s servers stop many phishing attacks from ever reaching your inbox, some manage to get through the system. In fact, if another user’s account has already been compromised, it can be used to send phishing attacks from within the organization. For examples of real phishing schemes that have come to Queen’s University users, visit the ITS Phishing Samples webpage.

How to protect yourself against phishing attacks

You should always be suspicious of emails asking for your personal information, especially if the message appeals to your fear response to take immediate action. If the email looks suspicious, you should always contact your school, bank or government agency by a different means of communication (for example, calling your local bank branch or, if it relates to Queen’s, calling the IT Support Centre by telephone).

The best way to protect yourself against a phishing attack is to learn how to recognize these messages. The Queen’s ITS Phishing webpage offers important tips on specific traits to look for if you think you’re being phished.

It is also important to take note of whether the page you are logging into is secure. In most browsers, the address line at the top of the browser will display a lock that indicates the login page being accessed is legit. The last section of the ITS Phishing webpage houses resources outlining how to determine whether a website is secure for different browsers.

What if you get hooked?

If you fall for a phishing attack by clicking on the link provided in the email and attempting to log in to a fake login page, you may receive an error notice after entering your credentials before being redirected to another valid page. Rerouting to a legitimate login page is intended to make you think that you simply entered your password incorrectly and that on the next attempt you will successfully access the valid site. If this happens to you, it is crucial that you change your account password immediately, as you may have just been phished!


ITS will never ask for your NetID password or the answers to your challenge questions

If you receive an email or pop-up requesting information about your NetID or Queen’s email address, contact the IT Support Centre immediately by calling 613.533.6666 or by filling in the online help form.