
 

Don't get "phished"

Scammers are getting smarter

- November 5, 2013

An example of a phishing email designed to look like it came from Dalhousie.

Pop quiz: Phishing is:

a) A typo for fishing
b) Travelling to attend concerts from your favourite jam band
c) A criminal activity carried out by fraudsters attempting to obtain sensitive information such as passwords and credit card details

The answer, of course, is c.

Phishing, sadly, is a reality of Internet life in the 21st century. Each of us can recall countless mysterious emails, tweets or websites inviting us to reply, click or offer up our password. And we think we know what to do about them: don't reply, don't click, delete.

But Dal's information security manager says it's more important than ever to be diligent about phishing because the phishers are getting smarter.

"This new generation of scammers aren't sending emails about fake inheritances or that sort of old-fashioned trick," explains John Bullock with Dal Information Technology Services. "Instead, they're building emails that look like they're coming from your bank, your government or your university."

Never give out your password


Bullock says it's difficult to pin down exact volumes when it comes to scam emails, but generally ITS has seen an increase in recent years in the number of scam emails purporting to be from Dalhousie. To make it seem like they're coming from the actual university, the emails can use images of the university or phrases like "MyDal" or "Help Desk." Some pull factual details from Dal's Wikipedia page to seem more real.

One sure-fire way to know that these emails are fake is that many ask for your password.

"Dalhousie will never ask for your password by email, nor will any reputable organization," says Bullock.

But not all phishes have such a clear tell that gives them away. That's why Bullock advises never to click links in any email that you weren't expecting, or links that give you even the slightest suspicion. And just because you recognize the sender doesn't always mean it's safe: "from" and "reply-to" fields can be faked, and phishers do research so the message resonates with their intended victim.

"Better safe than sorry is always the best approach, whether it's an email, a mysterious tweet or something else," says Bullock. "If you're at all suspicious, either delete the message, visit the official website manually in your web browser and navigate down from there, or pick up the phone and call or text the person or office who sent it."

Protecting your information


The consequences of getting phished through your Dal account are serious, both for you and for the university. Your email account and passwords could be used for fraud or illegal activity, or your computer could be attacked with drive-by-download software that allows others to use it. On Dalhousie's end, the more @dal.ca accounts are used for phishing scams, the greater the risk that the university domain could be blacklisted by other companies and email service providers, preventing Dal email from reaching them.

"Getting caught in a phishing scam affects you, your friends and colleagues and the entire Dal community," says Bullock. "That's why constant vigilance is so necessary."

Avoiding phishing

  • Delete requests for your password
  • Don't click links or open attachments in unexpected email
  • Be suspicious of any requests for financial information
  • Do not fill out forms embedded in email messages
  • Keep your web browser and plug-ins up-to-date
  • Avoid clicking links in private messages on social media sites that you were not expecting
  • If you think you have been phished, .