Phishing is Online Identity Theft
Phishing is a form of identity theft where victims are lured into giving away sensitive information, usually through email (although users can also be targeted by phone or text). Messages are designed to look like they are coming from trusted businesses, like banks, government agencies or even from within Queen's University. Often they are trying to steal your identity or login credentials to gain access to your accounts and use them to commit other crimes.
The most common phishing attempts at Queen's are emails requesting your NetID and password by tricking you into clicking on a hyperlink that takes you to a fake login website.
FACT: ITS will never ask for your NetID password.
NEVER: Reveal your NetID password.
If you receive a phishing message to your Queen’s email inbox, please report it to firstname.lastname@example.org.
How to protect yourself from phishing
The best way to protect yourself is to learn how to recognize phishing messages. The presence of one or more of the following doesn't always indicate the email is a phishing attempt however it does mean you should be vigilant about what you are clicking on. Most phishing messages usually share some common traits:
An urgent request for information
The message may ask you to "verify" or "confirm" confidential information by replying to the email or by trying to get you to click a link to a website or form. It may be a time-sensitive warning, to bait you into acting without thinking. For example, "Your account will be deleted if you don’t respond immediately."
REMEMBER: Legitimate businesses have policies against this practice.
Suspect links, attachments or email addresses
Links may lead to a fake website or may download malicious code onto your computer or device. You can preview a link by rolling your mouse over it. If the URL doesn't look right, don't click it! Attachments could contain viruses or malware. The sender's email address may be spoofed and not match the company it claims to represent.
Note: When visiting a Queen's University log in site, always verify that the site is secure. A secure log in is indicated by "https://" in the URL along with either a lock symbol, green text or a green highlighted URL bar. If none of these items are present, please check with the IT Support Centre.
NEVER: Open unsolicited attachments or click links without checking the URL.
Errors and inconsistencies
Spelling, grammar and factual errors are common in phishing emails.
LOOK FOR: Spelling and grammatical errors, no corporate branding, or poor quality overall.
Verify the protocol (https) and verify the hostname
A highly effective phishing technique is "spoofing" a web page so the target believes they are logging into a safe site when in reality they are logging into a phishing site. An email may include something that looks like a thumbnail of an attachment and come from someone you know and trust who has had their account hacked. If you click on the image, a new tab opens and you are prompted to log in. A quick glance at the location bar (URL) shows what you think is the correct URL. Once you complete your login, your account has been compromised. Upon closer inspection you will notice that the beginning of the URL contains data:text/html,https://
This phishing technique uses something called a "data URI" to include a complete file in the browser location bar. When you see data:text/html... it is a very long string of text that is actually a file that opens in a new tab and creates a completely functional fake login page with sends your credentials to the attacker.
For more details on this technique visit the Wordfence Updates on CyberSecurity, WordPress and what we're cooking in the lab today located at: https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/
- See our Phishing Samples page for examples of real phishing emails at Queen's.
- Want to learn more? Take the Dell SonicWall Phishing Test.
What to do if you get "hooked"
If you fall for a phishing attack by clicking on the link provided in the email and attempt to log into a fake login page, you may receive an error notice after entering your credentials before being redirected to another valid page. Rerouting to a legitimate login page is intended to make you think that you simply entered your password incorrectly and on the next attempt you will successfully access the valid site. If you suspect that your NetID or email has been compromised, you should change your password immediately. Please also report the attack to the IT Support Centre so that we are aware of the issue and, should you require further assistance, our techs can help you through the next steps.
CHANGE: Your NetID password immediately.
REPORT: Call the IT Support Centre at 613-533-6666, or fill out the Online Help Form.
How phishing affects Queen's
Queen's realizes that phishing is a big concern. In a given month, we see about 14,000,000 incoming messages, with close to half rejected as spam. Even with the best technology in place, some phishing attempts get through. Compromised accounts can be used to send spam, which overwhelms our systems and causes Queen's to be blacklisted by other email services. We scan outbound email for spam to identify these accounts and lock them down before this can happen.
Important: NetIDs can be used to access not just personal information, but institutional information as well. Making this available to an unauthorized party means putting the security of the entire university at risk.