Phishing

What is Phishing?

Phishing is a commonly used online scam that attempts to trick you into providing your personal information such as your Login ID and Password, credit card number or Social Insurance Number. This is usually done through email, and the person requesting your personal information (ie: the phisher) tries  to make you believe they are trustworthy and from a legitimate source.

Why is Phishing bad?

Successful phishing scams can have severe consequences not only to the individual who’s account has been compromised but also to UNB.

If a phisher gains access to your UNB Login ID and Password, they can use your UNB email address to send hundreds, thousands or even millions of spam emails through UNB’s email servers at no cost to them. This means that if even one person responds to their spam, they've made money. As a result of these millions of emails, external email services like Hotmail or Gmail may consider any emails sent from a UNB email address as untrustworthy and have them blocked. This stops all UNB email from flowing through their service and also negatively impacts the reputation of UNB.

Besides making money through spam email, phishers can also use your UNB Login ID and Password to access a variety of personal and confidential information such as your financial and medical information, addresses and phone numbers, data relating to your grades, and more, which can put you at risk of identity theft.

How can I recognize a Phishing email?

What to look for:

  • Clickable links or attachments that ask you to verify or provide your personal information such as your Login ID and Password or credit card number. If you hover your mouse over a link in an email, the real address of the website associated with the link will appear in the bottom left hand corner of your screen. If you do not recognize the link or it does not match the company or person the email is claiming to come from, or if the link contains several different characters like # and %, it is likely a phishing email.
  • Misspelled words and/or poor grammar
  • A threatening message, such as “your account will be deleted if you do not act immediately”
  • Email addresses in the “From” and “Reply to” fields that are not the real address of whoever the email is claiming to come from (ie: an email claiming to come from the President of UNB coming from a non-UNB email address)

Is Phishing a big issue at UNB?

During the 5 month period of September 2011 to January 2012, at least ten UNB email accounts were compromised as the result of users responding to phishing emails. Because of this, between 6 and 7 million spam messages were sent from UNB email addresses in the fall of 2011 alone.

What should I do if I receive a Phishing email?

If you receive an email requesting your personal information, do not respond or open any links or attachments and delete the email immediately. If are unsure whether an email is from a trustworthy source or would like to report a suspected phishing attempt, please contact the IT Service Desk.

How else can I protect myself from phishers?

Some ways to protect yourself from phishing emails are:

  • Think carefully before responding to any email or website requesting your personal information. Is it reasonable for the organization to be requesting personal information from you? If so, is it against the company’s policy to be requesting this information via email?
  • Make sure you have up-to-date antivirus and anti-spyware software on your computer.
  • Before entering your personal information on a website, check to make sure the website is secure (see example below). A website is secure if:
    • There is a closed lock or unbroken key symbol at the bottom of your browser window or next to the site’s URL in the address bar. lock icon
    • The URL begins with “https” instead of “http”, meaning you are on a secure server. example of  

What should I do if I have responded to a phishing email?

If you think your UNB account has been compromised, reset your Password immediately by clicking the “Forgot My Password” button on the ITS Home page and following the instructions provided, then contact the IT Service Desk. If the phisher was provided other personal information such as a credit card number, contact the associated bank or organization immediately.

What is UNB doing to protect you from phishing emails?

In recent days, UNB has seen an increase in phishing emails sent to faculty, staff and students. As a result, Information Technology Services (ITS) has been working hard to increase awareness of this issue and communicate best practices to help you avoid falling prey to phishing attempts. ITS has also implemented preventative measures to reduce the impact of successful phishing attempts to both the victim and the University.