McGill University, like many other institutions, has recently been a victim of fraudulent emails, a scam commonly referred to as “phishing.”
It is easy to deceive an inexperienced user by sending him an email that gives him a strong incentive to click through to a fake website that closely mimics a legitimate one.
Once the user’s trust is gained, he may provide the requested information, such as his access codes and passwords, his account numbers or other personal information. After the information is obtained, scammers can use it to commit fraud or mischief, such as identity theft, unauthorized access to computer systems, bank fraud, etc.
It is therefore important to educate users to recognize these scams, to avoid opening these emails and to refrain from clicking on any embedded links. To lure users into opening them, phishing emails usually have a catchy title or invoke an urgent situation (“hacked account”, “computer infected with a virus”, “major problem”, etc.). The email describes an emergency situation and may sometimes include threats if the user does not click on the link provided.
Users should be aware that universities and banks never send emails containing links to sign in to their websites. Users should always sign in to the institution’s site directly via their web browser.
Phishing emails are not usually addressed to a particular individual by name; however, spear phishing techniques are increasingly targeting specific users.
For more information about the phishing attack targeting McGill University, read this article:
To learn more about phishing and spear phishing techniques, please click on the following links:
- Terranova Training’s microsite on phishing awareness
- Phishing (blog)
- Are your users well educated on phishing techniques? (blog)
- A bank educates its clients on identity theft
Learn more about Terranova Training’s simulation and phishing awareness solutions or ask for your free trial.
By Patrick Paradis, Information Security Advisor