What you need to know about phishing
Phishing scams are increasing and becoming more sophisticated. Many phishing attempts continue to target faculty members, staff and students. Through a collective effort, McMaster will continue to protect and enhance our online security.
Phishing is an attempt to trick someone into handing over sensitive information, usually login credentials. Often, we think of phishing as being obvious: a foreign prince needs a few hundred dollars from you in exchange for ridiculous sums of money. The reality of phishing is far more sophisticated.
But recognizing phishing is easy — remember to identify, report and delete suspicious messages.
Identify
Hover your mouse over links before clicking them to ensure they lead to a trusted location. Also, hover over the sender address to confirm the sender.
If you’re unsure about an email request, an attachment or a link that you have received, don’t act until you have confirmed with the sender that they are legitimate. The best way to confirm is by phone!
Don’t follow links if you don’t have to. For example, if you receive a request to login to Mosaic, navigate to Mosaic manually and login to avoid clicking the link in the email. Some phishing will direct you to a fake login page and track your login information.
Report
Report known or suspected malicious emails to is-spam@mcmaster.ca. This is how you will contribute to protecting others.
Delete
Delete it from your inbox and your deleted mail.
Many phishing attempts will also use social engineering, a type of psychology manipulation to trick you into performing an action. For example, a phishing message might claim you have an outstanding balance, then urging you to download a malicious attachment to review your bill. This urgency might cause you to act without first assessing if the message is legitimate.
McMaster’s Information Security Services team has many resources to help spread awareness of cyber security. A new phishing awareness course, offered through Avenue to Learn is also available for the community.
Throughout October, staff, students and faculty members can participate in GetMFA, a campus-wide campaign to share cyber security awareness and a chance to win some great prizes such as Apple AirPods, a Bose wireless speaker and more! Importantly, you also get to learn more and protect yourself along the way.
Protect your devices. Protect your data. Protect yourselves.
News Category