Cyber criminals want access to your personal information and passwords! You can stop them.

A “phishing attempt” happens when a cyber criminal poses as a legitimate organization – like the University or your bank – to get you to provide them with confidential information. Phishing attempts often happen over email.  Phishing messages can lure you into clicking a link to a web page that mimics a legitimate site, such as the University of Guelph Single Sign-On page. In such an instance, if you enter your credentials, the phisher will have access to both personal and University information that they can sell, use for criminal activity or hold hostage for payment.

The University’s Information Security team, part of Computing and Communications Services (CCS), actively filters out millions of malicious emails every day and responds to reported threats. However, users are still vulnerable to new and emerging scams. You need to do your part to help keep your information safe!

Signs of a phishing attempt

A message that contains any of the following could be a phishing attempt:

• The sender’s email address doesn’t match the organization from which it claims to be sent (e.g., your bank would never send a message from a Gmail account)
• Links in text or in images display URLs that aren’t what you expected or don’t look legitimate when your cursor hovers over them
• Offers that seem too good to be true
• Urgent requests for personal information with severe or unrealistic consequences for inaction
• Spelling or grammatical errors
• Unexpected attachments
• Short URLs like bit.ly, owl.ly, etc. You don’t know where these links will take you. You can trust short links that start with uoguel.ph because they are unique to U of G and are safe!

How to protect yourself from a phishing attempt

Phishing attempts happen every day, but you can protect yourself!

• Do not respond to suspicious messages or click any links in them until you have confirmed the message is safe
• Do not provide your password to anyone. Remember that U of G will never ask you for it
• When entering your U of G password online, always double-check that the URL at the top of the page reflects the legitimate U of G Single Sign-On page (look for the green lock symbol and “University of Guelph” in green text at the beginning of the URL).

Find more information on cyber security at U of G:

• Recent Scams and Phishing Attempts page on the CCS website
• CCS Information Security website
• CCS Twitter (@uofgccs)
• Come to the Cyber Security Awareness Roadshow on Oct. 29 in the UC Courtyard – free pizza and giveaways!
• Contact the CCS Help Centre at IThelp@uoguelph.ca.

Be aware and be safe!