IT Services warns not to take the bait as phishing attempts increase

fishhook spearing ID card

Faculty, staff, and students have recently received a variety of email phishing attempts looking to infect their computers or reveal personal information. The malicious emails encourage people to act quickly and pretend to be from legitimate organizations.

Find some examples criminals are using to trick email recipients.

Unsolicited Email with Attachment

A recipient receives an email with a Microsoft file attachment, like a Word or Excel file, that exploits a Microsoft vulnerability. The attachment can install malware when downloaded or when using the hover-preview mode.

Student Work Offers

The message offers the student a work-from-home employment opportunity. It asks the recipient for an alternative email address, potentially one with fewer security features than that provided through the University’s email system. The signature includes a fake university office and a PDF with more fraudulent employment details.

Email Account Deactivation

Another email phishing attempt, purportedly from the Microsoft Support Team, threatens email account deactivation. The recipient receives a URL to “click here” and log in. The link takes the user to a dubious website to provide their UWin account information.

Information Technology Services says not to preview or download attachments, click, or reply to any of these requests. If you have provided your UWin ID in any of these phishing attempts, you should promptly update your UWin Account password and follow up with the IT Service Desk by opening a ticket, calling 519-253-3000, ext. 4440, or clicking the chat icon in the bottom right corner of uwindsor.ca/its or uwindsor.ca/itshelp.

Learn to recognize phishing attempts:

  • The sender has a public email address, like gmail.com or outlook.com
  • Sense of urgency or threat of discontinued service
  • Unsolicited email
  • Attachments
  • Poor spelling, grammar, or look-alike branding

What should you do if you think you have received a phishing message:

  1. Do not respond
  2. Forward the email to spam@uwindsor.ca
  3. Delete it

Find more information on spotting phishing attempts on the IT Services website.