Phishing Emails

Phishing Emails

How to spot "fishy" emails in your inbox

DELETE IT: Don't Get Hooked

What are phishing emails?

People who want to steal your information can be clever. A common trick used by cyber criminals is to send you an email, which appears to come from someone you trust. The email will urge you to click on a link to verify your account, update your “expired” password, or open an important attachment.

A common example of phishing is the notorious Nigerian Prince email scam that promised a gift of a lot of money in exchange for banking information. It may sound like an obvious scam, but these types of phishing attacks are sent to large numbers of random email addresses and people may eventually provide personal information by accident.

Often these messages are marked as Urgent and contain links to sites designed to steal your information or hack your computer. Remember, UBC will never ask you to provide your password.

156 million phishing emails are sent out each day

10% of these emails manage to get through spam filters.*

80,000 people fall for a scam each day

which can result in stolen identities, financial loss, and credit card fraud.*

* Both statistics from: http://www.getcybersafe.gc.ca

1How can I recognize a phishing email?

Phishing messages can come in many different disguises, from sophisticated deception to obvious fraud. Watch out for these common characteristics of phishing emails:

  1. Non-UBC Email (“CAUTION: Non-UBC Email” indicator at the top of the body of email)
  2. Sense of urgency and time constraint, very brief
  3. Requests to verify accounts or credit card numbers
  4. Anything too good to be true
  5. Unexpected Emails
  6. Information mismatches
  7. Suspicious attachments
  8. Unprofessional design

*Remember: “Think before you click the link”. If you have any concerns about a message or link, don't open the message or click the link. Instead forward it as an attachment to security@ubc.ca

2What if I accidentally fall for a phishing email?

As cybercriminals get more sophisticated with their tricks, it can be harder to recognize phishing emails. If you respond to a phishing email with your password, change it immediately and notify the UBC Information Security team at security@ubc.ca so we can work with you to protect your account.

If you accidentally open an attachment from a suspicious email, delete it immediately (and empty the Recycling Bin on your desktop) and send an email to security@ubc.ca to let them know about the incident.

3How do I report a phishing email?

You should report phishing attempts by forwarding them as an attachment to the UBC Information Security office at security@ubc.ca

For assistance in reporting, see this guide to create quick steps in Microsoft Outlook for Windows to report phishing and remove it in one click.

Similar instructions have also been prepared for removing spam messages

If you see a suspicious email with UBC branding, logos, and language please contact the UBC Information Security office immediately at the email above. When we are made aware of a phishing campaign, we can immediately begin identifying and protecting accounts that may have been compromised.

Fast reporting from members of the UBC community has helped save many accounts from potential privacy breaches.

If you are working from a cellphone or tablet which makes it difficult for you to forward an attachment, please just forward the email to security@ubc.ca and then follow up with the attachment at your earliest opportunity, referencing the Incident ID which will have been automatically generated for you.





Go even further...

For a much more in-depth look at phishing at UBC, you can:

Complete the full Fundamentals training to learn how to protect yourself and others
Learn more about dealing with phishing emails at UBC