Phishing Information for Students

Security is everyone's responsibility! As such, it is important to learn how to recognize and respond to phishing emails. Be mindful of what links and attachments you open from emails and NEVER give out your account credentials.

A phishing attack is when a cybercriminal attempts to deceive a user into divulging sensitive information. Phishing is online identity theft that can present itself in the form of fraudulent emails, texts, and calls.

Phishes are unexpected, and can use recognizable company logos to try and trick you. Potential phishing emails may:

• Request confidential information (i.e. username and password, credit card numbers, etc.). UVic will NEVER ask for your password over an email.
• Use a public email address (i.e. Google, Yahoo, QQ, Zoho, eclipse, etc.).
• Be from a sender you have no prior relationship with.
• Include an attachment that you would not expect to see in an email from that sender. In this case, do not open the attachement, but rather, forward it to the Computer Help Desk and ask that they verify its contents for you.
• Include several spelling and grammatical errors or unfamiliar language being used.
• Include an attached link that is shortened to hide the full URL (e.g. bit.ly, goo.gl, owl.ly)
• Contain a suspicious attached link.

Frequently Asked Questions

How can I check if a shortened URL in an email is fraudulant?

• Hover over the URL and if it contains a string of numbers, misspelled words, multiple subdomains, or generally looks suspicious, then Google the URL (without clicking on it!). If the first entry does not match the URL that you have entered, the the site is likely fraudulent.

Will the Computer Help Desk ever ask for my NetLink ID passphrase?

• The Computer Help Desk will NEVER ask for your NetLink ID passphrase. As such, do not reveal your NetLink ID passphrase to anyone.

Does "https" indicate that a site is safe?

• No. A URL that begins with "https" only means access to the site is encrypted. The site owner and content could still be malicious.

• Related support
• Related services

How-tos

• Cybersecurity awareness for students
• Device Security
• Passphrase Management
• Phishing Information for Students
• Safe computing habits for students
• Safe web browsing: blocked malicious URLS

Information security Exchange ActiveSync policies Cybersecurity communications Cybersecurity awareness for students Cybersecurity and remote work Secure your data Security design Whole disk encryption Email warning banners Anti-virus and endpoint protection Network protection Phishing Awareness Security threat and risk assessment Security camera recording service Security standards Virtual Payment Terminal