Don’t Take the Bait

Recognizing Phishing - Unexpected Support

Are you a Lancer Team Player?

Scenario (Unexpected Support):

You receive a call from your bank or credit card company to inform you about a fraudulent transaction detected from your computer. They’d like to do a remote computer session with you to solve the problem. 

Recognizing Phishing - Unusual Requests

Be a Lancer Team Player

Scenario (Unusual Requests):  

A co-worker sends an email asking you to send them a staff list because the boss is away.

Recognizing phishing

The image below shows some of the common signs that a message could be a phishing attempt.

Image of an email highlighting the common signs of a phishing attempt: the email is from a free public service like Gmail; an unsolicited attachment is included; a generic greeting; spelling or grammar mistakes; URL links to unrecognized or misspelled websites; urgency; a toll-free number.

(source: https://cyberwarzone.com/detect-phishing-emails/)

What should I do?

If you think you have received a phishing message:

If you clicked on a link or opened an attachment:

  1. Don't panic.
  2. Contact the IT Service Desk at 519-253-3000 ext. 4440.
  3. Change your UWin Account password by going to the UWin Account web page.

Recognizing a tech support scam

There are 3 keys to recognizing a tech support scam:

  1. An unsolicited call from an unknown person
  2. Informs you that your account, subscription or device is affected
  3. Wants to connect to your device to help you resolve the issue

Image with text on how to detect tech support scams with these common signs: From an unknown person; Tells you your device is affected by an issue; Wants to connect to your device or to their device.

(source: https://community.teamviewer.com/English/kb/articles/4715-teamviewer-and-scamming)

If all three of these elements are present, it’s probably a scam. Hang up and contact the company directly via the normal channels you use.

Where can I find more information?

You can view a longer version of this article that includes examples of phishing.

We're here to help!

IT Services is happy to answer questions about cybersecurity on campus: ext. 4440 or open a ticket for service here: uwindsor.ca/itshelp. More information on cybersecurity issues facing campus: uwindsor.ca/cybersecurity

 

Phishing

What is phishing?

Phishing is a form of attack that depends on tricking or fooling a victim into doing what the attacker wants. The attack begins with the attacker sending a message to the victim. It is this technique of using a message as bait to lure the victim that gives the attack its name.

The attack is a success if the victim responds to the request. For instance, the victim may click a link or open an attachment that triggers some kind of threat. In other cases, the victim could respond to the attacker's message, or they could simply stay on the phone and speak with the caller.

In the case of communication between attacker and victim, the attacker will attempt to manipulate the victim using social norms and expectations to convince them. Some examples are when an attacker:

  • Asks the victim to do a quick errand that the attacker says they can't do themselves.
  • Calls and asks for help to appease their horrible boss, relying on the victim's willingness to help them avoid trouble.
  • Informs the victim about a (fake) issue with their account and offers to help fix it.

Did you know that 93% of successful cyberattacks begin with a phishing scam?

Types of phishing

The most common types of phishing are:

  • Phishing usually refers to an email message scam.
  • Smishing is a text message (SMS) that takes advantage of difficult-to-validate messages and web links on a mobile device.
  • Vishing is a bait message on someone’s voicemail asking them to take action and fall for the scam.
  • Quishing uses a QR code that requires scanning with a cell phone to follow a link.
  • Spear phishing can be an email, text or voicemail, where the attacker has done research on the victim and uses personalized information.
  • Tech support scam is typically started by a phone call, where the attacker offers help to solve a problem and asks you to use a remote support session to access the device.

Why is phishing a problem for individuals and organizations?

  • Prevalence: More than 90% of compromised accounts or hacks start with a phishing attack.
  • Speed: More than 60% of victims of a phishing attack “bite” in the first hour, so it is difficult for organizations to react in time to stop the attack.
  • Cost: Business email compromise cost organizations $4.1 billion USD in 2020 (up from $1.77 billion in 2019) along with recovery operations and reputational damage.
  • Impact: Individuals suffer from phishing, both through workplace shame and cleanup effort, and personal repercussions like identity theft and credit rating damage.