Understanding Phishing

There is no guaranteed method to identify phishing emails and websites. Read and understand the indicators contained in Table 1.1 and 1.2. Remember, the presence of one or several indicators does not automatically mean it is a phishing attempt; it just means you should me more cautious.

Table 1.1: Comparison Between a Legitimate and Phishing Email
Greetingsnormally Personalizedmay have strange greeting or not personalized
Spellingnormally does not contain spelling mistakesmay contain spelling mistakes
Urgencygives you time to think about the offeruses upsetting or exciting statements to provoke impulsive and immediate reaction
Embedded/Hidden Linkno deceptionvisible link appears legitimate but actual redirection may be fraudulent
Personal Information Requestnormally information not requestedmay be requested or lead to a fraudulent site that does
Sendere-mail address is consistent with the identity/country of the sendere-mail address may not be consistent/spoofed with the identity/country of the sender
Corporate E-mail Uselegitimate organizations avoid asking client personal information by e-mailuse of legitimate organization’s name and reputation to contact a large number of consumers
Textnot likely to contain incomprehensible textmay contain disguised random text
Table 1.2: Comparison Between a Legitimate and Phishing Site
Secure Site Markershttps:// in address bar and padlock icon in the status barmay have discrepancies or not have any security markers
Functionalityfully functionalmay not be fully functional or may link to an alternate website
Request for Personal Informationwill not request for information that they already havewill request personal information
Domain Namewill use and display the correct domain name in the address bar or status barmay be spoofed or contain a similar looking domain name or not have a status bar at all
Error in Browser Status Barnormally will not contain errormay contain errors while loading web page
Loginwill only be accessible with valid passwordbogus user ID and password may work

For additional information about protecting your personal information please visit RCMP page for the guide

Reporting Phishing

myEmail.lakeheadu.ca does have a feature to report Phishing.  With the suspicious e-mail open, users can click on the action arrow in the upper right hand corner (beside the reply button) and select Report Phishing.  By doing so, the email system will be informed of the suspicious email and can take appropriate action.

You can learn more about phishing here, and also report directly to Google here.

If you have any doubt about whether an email is phishing or not, please do not click on any links in the email, but forward it to helpdesk@lakeheadu.ca so we can look into it and advise you.