Note: The samples shown below are not intended as a definitive list of phishing emails in circulation at Queen's.
This first phishing sample was widely circulated at Queen's in the fall of 2010. It is notable for its poor spelling and grammar.
From: QUEEN'SU UNIVERSITY
Subject: QUEEN'SU UNIVERSITY
To: undisclosed recipients: ;
Dear QUEEN'SU UNIVERSITY Webmail user,
We are currently verifying our subscribers email accounts in order to
increase the Efficiency of our webmail features. To partake in this
Recent Upgrade Taking Place at QUEEN'SU Webmail, You must Reply to this email by Confirming your account details below.
Date Of Birth:
Failure to do this will immediately render your Web-email address
deactivated from our database.
Thanks for using QUEEN'SU webmail service.
QUEEN'SU Account upgrading.
QUEEN'SU UNIVERSITY, 2010
This second email started circulating at Queen's in early 2011. Note the use of Queen's-specific language (such as NetID, IT Support Centre, ITS Help Form) as well as Queen's official mailing address.
From: IT Support Centre [email@example.com]
Subject: IT Support Centre Notice/News.
This notice is to inform you that an ERROR have been detected in your NetID email account, this ERROR was caused by congestion and SPAM emails. You have been contacted in order for you to confirm your account and avoid losing it. Kindly confirm your account by sending the requested information below.
ITS Help Form
* Phone Number:-
This notice is from IT Support Centre.
99 University Avenue
Canada K7L 3N6
© Queen's University
Finally, this third email is an example of "spear phishing", or an email that is targeted at a specific group of people. In this case, it emulates a real email that has been circulated by an ITServices staff member, except that the link to the password change tool has been altered to point to a non-Queen's URL, and the telephone number for the IT Support Centre has been altered by one digit.
This is a warning about a message sent to a number of people at Queen's with the subject "UPGRADE YOUR ACCOUNT".
Mail server logs indicate you may have received this message. It asks you to provide your password and other personal information via a web link. It is a hoax, attempting to steal your password. Do not reply to that message or follow any web links it contains; just delete it.
If you have already replied with your password or gotten such mail, change your password immediately, using the ITServices password change at
Do not send your password to anyone in response to an email notice. Do not assume the absence of a warning from ITServices means a request is valid. Queen's University will never request your password by email.
If you are uncertain about the validity of a request for your password, please telephone the Queen's IT Support Centre at 613 523 6666.