Although phishing attacks are (unfortunately) an everyday occurrence, a recent message from “Revenue Canada” with a subject of “Your Tax Return “ has caused more than the usual concern. So, I thought I would send a reminder about phishing attacks—what they are, and how to avoid them.
Put simply, a phishing attack is a fraudulent email message sent to solicit personal information from the reader of the email for the purpose of identity and other forms of theft. For more detailed information, the University of Toronto has a document on the subject:
To avoid being caught in a phishing attack, simply never provide personal information in response to an unsolicited email that requests it, and never follow a link in an email that asks you to “update your personal information.” The existence of obvious typos, impersonal addressing, strange looking links, odd email addresses in the From: field ( seen when you hover the mouse over the address in the From: field ) and urgent calls to action (“restore your account access now!”) in an email makes it even more likely that it is a fraud.
In the most recent case, you are directed, via a link, to a supposed Government of Canada web site to enter Social Insurance numbers and other personal information. Please don’t click on any suspicious links. Although some are somewhat benign and only ask for personal information, others can direct you to a web site that can potentially download Trojans or malware of other types that can cause damage not only to your workstation, but to faculty data residing on our shared drives.
If you are ever in doubt about a message, call the institution that the message purports to come from to ask for clarification. Most institutions (the University, banks, etc.) will never request this kind of information by email.
If at any point you realize that you have been caught by this or any other phishing attack, please call our Service Desk at 416-978-8504 to report it, so that we can figure out what steps can be taken to minimize the exposure.
