Phishing

Information Security Is Everyone’s Responsibility.


External Content Banner (Email)

Conestoga College uses a marking system to flag any emails that are received from outside of the college as an external sender, example below:
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

These emails should be treated with as much or more caution then emails received from inside the college. Many emails from automated systems, or mailing lists will be flagged with this message and this is expected.

What do to if you see the banner:

  • Do you need anything from this email or were you expecting to receive it? If not, then delete the email.
  • Check to ensure that the email is not pretending to be a member of Conestoga College, malicious actors send emails that look like but are not from the College to trick you.
  • If you were expecting or require something from the email proceed with high caution. Outside senders may present themselves as trustworthy or another person in order to trick you into downloading or clicking on a link.

What is Phishing, Vishing, Smishing and Pharming?

Phishing is a scam which targets victims via email where individuals are encouraged to click through to fraudulent sites, give personal information about themselves or even send money. The scams vary widely but a majority of them are fairly easy to spot. Other variations of phishing are spear phishing and whaling, they are both targeted forms of phishing in which managers, directors and CEO’s are the objective.

What to look out for:

  • Do you know the sender of the email? If not, do not open and do not click on any internal links. If you do, still be cautious.
  • Are there any unrequested/unexpected attachments? If so, do not open before contacting the sender via another means to verify contents.
  • Are there any grammatical errors or spelling mistakes? If so, be wary.
  • Does the email ask for personal information? If so, ignore it.
  • If you are associated with the business in question, are they addressing you by name?
  • Check any and all links by hovering the cursor over it to see the URL, will it take you to the expected website or a different on

Vishing is when scammers contact you over the phone to extract personal information or trick you into giving access to your computer or accounts. This is a form of social engineering – an attempt to control social behaviour, fraudsters will impersonate a trusted company and leverage urgency to get victims to act quickly without thinking the situation through. A common scam: a person receives a call from Microsoft informing them that their computer has been compromised and that they must download software to solve the problem. The software is sent via email and if the file is opened malware will be downloaded onto their computer – the very thing they were trying to get rid of.

What to look out for:

  • Never give personal information over the phone to an unverified source. Companies like Microsoft will not contact you personally to warn you about malware, but would release frequent updates/patches to protect your machine from viruses.
  • If you received an unexpected request via email, text message or phone call to take some kind of action, the best course is to check the company’s details via their website and take any actions using those details.
  • If you are in any doubt about correspondence received, send it on to the customer service or security of the company in question to verify it.

Smishing is short for SMS phishing and it works much the same as phishing. Users are tricked into downloading a Trojan horse or virus onto their phones from an SMS text as opposed from an email onto their phone. Social engineering techniques are also used to leverage personal information and money from victims.

What to look out for:

  • Avoid clicking on links within text messages. It is even possible for scammers to piggy back onto existing message threads from trusted sources, like your bank. Double check all sources before sharing personal data or moving money if prompted to do so by text message.
  • Don’t respond to messages that request private or financial information from you.
  • Be wary of urgent messages that require immediate action, double check personally with your company with which you have an account before acting on any prompt. If it’s your bank, call the number on the back of your card.
  • Never call a phone number from an unidentified text.

Pharming scams use domain spoofing (in which the domain appears authentic) to redirect users to copies of popular websites where personal data like user names, passwords and financial information can be ‘farmed’ and collected for fraudulent use.

What to look out for:

  • Check the URL of any site that asks for any personal information. Ensure that the session begins at the known address of the site, without any additional characters.
  • Install a trusted anti-virus on your computer..
  • Do not disable or weaken your computer’s firewall also allow regular updates to further protect your machine.
  • Use a reliable and legitimate Internet Service Provider because significant security is needed at the ISP level as a first line of defence against pharming.