Although phishing attacks are (unfortunately) an everyday occurrence, a recent message from “Revenue Canada” with a subject of “Your Tax Return “ has caused more than the usual concern. So, here is a reminder about phishing attacks—what they are, and how to avoid them.
Put simply, a phishing attack is a fraudulent email message sent to solicit personal information from the reader of the email for the purpose of identity and other forms of theft.
To avoid being caught in a phishing attack:
never provide personal information in response to an unsolicited email that requests it
never follow a link in an email that asks you to “update your personal information.”
The existence of obvious typos, impersonal addressing, strange looking links, odd email addresses in the From: field (seen when you hover the mouse over the address in the From: field) and urgent calls to action (“restore your account access now!”) in an email makes it even more likely that it is a fraud.
In one recent case, you are directed, via a link, to a supposed Government of Canada web site to enter Social Insurance numbers and other personal information. Please don’t click on any suspicious links. Although some are somewhat benign and only ask for personal information, others can direct you to a web site that can potentially download Trojans or malware of other types that can cause damage, not only to your workstation, but to faculty data residing on our shared drives.
If you are ever in doubt about a message, call the institution that the message purports to come from to ask for clarification. Most institutions (the University, banks, etc.) will never request this kind of information by email.
If at any point you realize that you have been caught by this or any other phishing attack, please call our Service Desk at 416-978-8504 to report it, so that we can determine how to minimize the exposure.
For more detailed information, the University of Toronto has a comprehensive webpage on the subject; see the box on the left.