Nov. 3, 2020
Six ways to keep your inbox safe
There are more than 950 phishing emails targeting University of Calgary email addresses reported every month. So what can students, faculty and staff do to protect themselves and our institution? Here are six things you can do:
- Check the sender. Do you recognize the email address? Were you expecting an email from this person? If there is a link in the email, when you hover over it, does it look like a legitimate URL? Are there spelling errors? Try typing the URL into your browser instead of clicking on the link. If there are attachments in the email and you are not sure if they are malicious or not, give the person a call and confirm they sent you the email.
- Look for the “external” marking at the top of an email. It looks like this, but will be in red: [△EXTERNAL]. This will tell you if the sender is someone outside of the university. Sometimes cybercriminals mock up an important individual’s email, like a faculty dean, and use it to request things like gift cards or your information. Every year IT receives reports of individuals deceived in this manner — cybercriminals pose as their boss, professor, dean or others. If the email is marked “external” you will know it’s not from someone at UCalgary. If it’s not marked external, you should still look for the clues above — sometimes cybercriminals can gain access to a UCalgary account and send out malicious emails from their email address.
- Keep your personal information personal. Never email or text personal or financial information. Check your bank, credit and debit card statements regularly. Never share your UCalgary or personal passwords with anyone.
- Find a work-around. Received an email saying you need to update your password? Getting calls from someone claiming to be from the Canada Revenue Agency? Instead of responding directly, close the email or hang up and go directly to the website to update your password or to find the number to call the agency back. It’s better to make a customer service agent wait to speak to you than to unknowingly provide your sensitive information to a cybercriminal.
- Trust your gut. If it sounds too good to be true, it likely is. Don’t click on links or open any attachments. Follow the steps below to report it.
Report it. Once you’ve “caught” the phish, make sure to report it to help prevent others from falling victim to it. This helps protect everyone at the university. If you receive a suspicious email, include it as an attachment in a new email to firstname.lastname@example.org and then delete the email, or report it using the tools in your email navigation bar.
If you receive a suspicious email and you are still not sure what to do, feel free to reach out to the UService team. They can provide you with guidance and further information over the phone. More information and resources are also available on the IT security website.
What is IT doing to prevent phishing?
There are a number of programs in place to help prevent phishing at the University of Calgary:
- Cybersecurity awareness program: To educate and promote good cyber hygiene among students, faculty and staff.
- Spam blocking technology: More than 99 per cent of spam or phishing emails are blocked before they hit UCalgary inboxes. Unfortunately, even with the best spam blocking technology, some malicious emails will get through, making the above security awareness program so important.
- Report phishing email (email@example.com): To collect and act on phishing emails the spam blocking technology does not catch. Once a phish is reported, our IT security team reviews the information and works to remove the email from other inboxes.
- Marking external emails as “external” to help identify when an email is coming from outside the university (see above).
- Phishing exercise program: In addition to the awareness program, phishing exercises, or simulations, are also sent periodically to help educate faculty and staff about what to look for to identify phishing emails.
- Detailed phishing information on the IT security website, including a How to Report and Spot Phishing handout.
Faculty and staff have an added layer of protection through multifactor authentication — or MFA. This is a second verification, like a code sent to your mobile, in addition to your password. Students are also encouraged to sign up for MFA.
Cybersecurity is everyone’s responsibility. By working together, we can help increase cybersecurity at the University of Calgary.
Follow the UCalgary IT Twitter account to keep up to date on IT outages and news.