cybersecurity monthCombating phishing scams requires vigilance.

To avoid phishing, don’t take the bait, advises IT Services

In the first half of 2022, more than 6,300 phishing attempts were reported, according to the Canadian Anti-Fraud Centre. The centre estimates this accounts for only five percent of actual incidents.

Phishing attempts are increasingly common and take various forms, including email, text, call, and voicemail, all trying to compromise the University’s data and individuals’ personal information. By being on the lookout for signs of phishing, the UWindsor community can protect itself from these cyber-attacks that seek to steal accounts and confidential information.

“The University’s data is threatened daily by cyber criminals trying to gain access,” says Marcin Pulcer, interim executive director of Information Technology Services.

“What may appear to be helpful or responding to an urgent email or text could pose dire consequences to the organization. We ask that our campus community think twice before supplying access to UWindsor information and sharing personal information. It requires a vigilant team effort.”

IT Services suggests five tips to avoid getting phished:

  1. Evaluate the request details.
    Is the message unusual or unexpected?
    Is there urgency?
    Does it ask you to open an attachment or link you were not expecting?
    Are you asked to log in or supply personal information on a form or website?
  2. Examine the sender’s name and email address carefully.
    Is it from a public email like “gmail.com” or another free email service instead of an organization or business?
    Is it from someone who does not usually regularly email you?
  3. Review the message.
    Are there spelling errors, bad grammar, or odd formatting?
    Does it have an ambiguous or missing signature?
    Do the graphics look off?
    Are they asking you to switch to a different communication tool?
  4. Check any links in the email.
    When you hover over the links, are the web addresses suspicious?
    Are the characters correct or are they lookalikes?
  5. For scam calls, beware of a request to access your computer.
    Do they want to connect to your computer via remote desktop?
    Do they request to share your login information to an online account?

We often trust messages coming from within our organization or from a reputable company. If you think the message may be legitimate, but you answered yes to any of the above questions, contact the sender through a different communication channel to verify it — do not respond to a potential hacker.

Otherwise, report the message to spam@uwindsor.ca or contact the IT Service Desk at 519-253-3000, ext. 4440.

Find examples of phishing messages on the Cybersecurity Awareness website.

Led by IT Services, Cybersecurity Awareness Month efforts highlight cybersecurity issues relevant to the UWindsor community. More information can be found at uwindsor.ca/cybersecurity.