Notice of increased spam and phishing attacks at Queen's
You may have noticed a trend in your inbox recently involving emails asking you to verify personal information such as your NetID and password.
Information Technology Services (ITS) wants to ensure that you are aware of the nature of these emails, what they mean, and what to do should you encounter this type of attack.
On May 23, 2016, ITS was made aware of several phishing emails asking for users' NetID and passwords. The emails specified that if the NetID and passwords were not obtained, the user’s Queen’s account, library account, or other personal account would become invalidated. The user was urged to act quickly in order to keep their account active.
Why is this important?
Spammers and phishers may use your personal information to gain access to your account and conduct illegal activities that can damage both you and the entire university network.
ITS will never ask you for your NetID and password via email.
ITS will never ask you to click on a link in an email to input your NetID.
These attacks are becoming more sophisticated, using internal email addresses and real contact information to reach victims and dupe them into trusting the source. It is possible that you may even receive this type of email from another Queen’s student or a Queen’s email address (ending in @queensu.ca).
Do not respond to these emails.
Never click on links asking you to enter your NetID password.
If you have received a phishing message and clicked on the link or opened an attachment, you should change your password and contact the IT Support Centre for assistance.
Observe and Report
If you have received a phishing message, you should take the following steps:
DON'T CLICK ON THE LINK!
REPORT IT - forward PHISHING emails to firstname.lastname@example.org.
CONTACT the IT Support Centre for help by calling 613-533-6666 or by filling in the Online Help Form.
Examples of recent attempts have been included below. For more examples of phishing attempts that have come into the university, please visit the Phishing Samples page on the ITS website.
Example 1 - May 16, 2016:
Example 2 - May 18, 2016: