Phishing is a method of trying to get people to give away their personal and confidential information. It is accomplished electronically - usually through email - and is successful because the person requesting the information masquerades as a real company, such as eBay, CIBC, Amazon - or Queen's University.
The most common phishing attempts at Queen's are emails requesting your NetID (or username) and password. Giving away this information results in what's known as compromised accounts.
Please remember that no legitimate authority at Queen's will ever ask you to divulge your NetID password. It is a violation of the Queen's Computer User Code of Ethics to tell anyone your NetID password.
Between September 2010 and February 2011, more than 800 email accounts at Queen's were compromised. By far the most common way this occurs is that the owner of the account freely gives away their NetID and password.
If you fall prey to a phishing scam directed at your email account, the consequences for the University can be severe. Your email address can be used to send hundreds of thousands of spam emails through the University's email servers. This results in Queen's University being blacklisted and put on the list of known spammers. The outcome of these attacks is that external email services such as Hotmail have blocked or greatly reduced the amount of traffic allowed from the @queensu.ca email system. Being blacklisted in this manner seriously damages the University's reputation.
It is also important to remember that NetIDs and passwords are used to access all sorts of information in addition to email. There are systems at Queen’s that use NetIDs to access data relating to grades, finances, medical information, and a wide variety of other confidential and personal information. When someone gives away their NetID and password, they are potentially making all of this information available to an unauthorized party.
Be aware that phishing is not just about stealing your NetID and password. Phishers are also after personal information that could aid them in stealing your identity. Information like your date of birth, your home address, your social insurance number, your driver's license number, even your mother's maiden name, can all be used to access your financial information, open bank accounts, obtain credit cards, and acquire cell phones.
It can be very difficult to recognize phishing emails, but they usually contain one or more of the following characteristics:
Visit our Phishing Samples page to see specific examples of phishing emails at Queen's.
The best way to protect yourself is to be aware, be cautious, and observe the following guidelines:
If you think someone else may know your NetID password, you should change it immediately by following the instructions found on the NetID Password Change page. If you have divulged bank or credit card information, contact those companies immediately.
The onslaught of phishing emails at Queen's has prompted ITServices to make some changes in the handling of email through the @queensu.ca email system. ITServices is working diligently to adjust the infrastructure of the mail system to prevent as many phishing and spam attacks as possible. Amongst other things, we're now filtering email submitted to mail.queensu.ca on the secure port 465 before it reaches our email servers. We are also applying this filtering to email submitted through webmail.queensu.ca.
ITServices will continue to monitor and fine-tune the email infrastructure to respond to new challenges and demands upon the system. As well, we are working hard to communicate with our stakeholders about the dangers of phishing so we can educate users about safe practices.