Security is everyone's responsibility. Part of that responsibility is learning how to recognize and respond to phishing emails. Be mindful of what links and attachments you open from emails and NEVER give out your account credentials.
A phishing attack is when a cybercriminal attempts to deceive a user into divulging sensitive information. Phishing is online identity theft that can present itself in the form of fraudulent emails, texts, and calls.
Phishes are unexpected and can use recognizable company logos to try and trick you. Potential phishing emails may:
- Request confidential information (i.e. username and password, credit card numbers, etc.). KPU will NEVER ask for your password.
- Use a public email address (i.e. Google, Yahoo, QQ, Zoho, eclipse, etc.).
- Be from a sender you have no prior relationship with.
- Include an attachment you would not expect to see in an email from that sender.
- In this case, do not open the attachment and forward the email to InfoSec@kpu.ca, asking that they verify its contents for you.
- Include several spelling and grammatical errors or use unfamiliar language.
- Include an attached link that is shortened, hiding the full URL (e.g., bit.ly, goo.gl, owl.ly).
- Contain a suspicious attached link, including typos, character replacements, or attempts to convince the user the site is some other site or government run service. (e.g. faccbook.com, g0ogle.com, cra.gov.ca.officialwebsite.com).
For more information to keep yourself safe online, see our device security and safe computing habits pages.
If you have any concerns around information security at KPU, you can reach out to the information security team at infosec@kpu.ca
Frequently Asked Questions
How can I check if a shortened URL in an email is fraudulent?
Hover over the URL. If it contains a string of numbers, misspelled words, multiple subdomains, or generally looks suspicious, then without clicking on it, Google the URL. If the first entry does not match the URL you entered, the site is likely fraudulent.
Will the IT ServiceDesk ever ask for my KPU password?
The IT ServiceDesk will NEVER ask for your password. It is important to not reveal your password to anyone.
Does "https" indicate that a site is safe?
No. A URL that begins with "https" only means access to the site is encrypted. The site owner and content could still be malicious.