Scam emails are becoming more common and sophisticated, especially targeted attacks called “phishing" where scammers use specific information to make the messages seem more realistic.
When working remotely, ITS' ability to support your computer is more limited. Therefore, it is more important than ever to be extremely vigilant about any email that looks remotely suspicious. Please practice caution when reacting to emails that ask you to click on links, open files or send back information.
Protect yourself against malicious emails
- Be vigilant if you do not know the sender of an email.
- Check the email address as well as the name of the sender. Sometimes the name will be familiar but the actual e-mail address will be fraudulent, like this: firstname.lastname@example.org. The correct domain for Canada Post is canadapost.ca, not canada-post.izu.
- Make sure the address or attachment is relevant to the content of the email. If the sender of the e-mail is “email@example.com” and the message says your IT administrator needs you to confirm your ECU password, please notice that the message did not come from a @ecuad.ca address.
- In the e-mail’s content, look for typos, incorrect grammar, or requests that are “urgent”, wanting personal or financial information, or access to funds & gift cards.
- Beware if the e-mail warns that your account will be deactivated or warns that you have been caught doing something illegal. ECU ITS will never ask for your password.
Protect yourself against malicious attachments
- Make sure that the sender’s email address has a valid username and domain name. In the example "firstname.lastname@example.org", the fraudulent domain is “canada-post.izu”.
- If you were not expecting an attachment, verify the sender’s name & address, then check with the purported sender by manually entering their e-mail address. Do not open the attachment until it is verified by the purported sender.
- Use anti-virus or anti-malware software on computers. (You have this on your ECU issued equipment)If you receive anything that looks suspicious, please do not hesitate to contact ITHelp.
Protect yourself against malicious websites
- Make sure URLs are spelled correctly and the domain is legitimate. (i.e. www.accounts.adobe.com NOT acounts.adobe.net.rl)
- Directly type the URL in the search bar instead of clicking a provided link.
- If you must click on a hyperlink, hover your mouse over the link to check if it directs to the right website.
Need more information?
If you have clicked on a fraudulent link or opened an attachment
- Immediately turn off your computer (you may need to hold the power button until the screen turns off)
- Contact ITS
Here are some recent phishing attempts that have been circulating.
If you have received any of these and have clicked on any links or replied with information, please turn off your computer and contact the IT Help desk immediately. If you have not clicked or replied, just delete the email.