What are phishing and social engineering emails

Overview 

Criminals use malicious email and websites to try to trick you into revealing your password or other sensitive information or to infect your computer with malware. Universities are common targets. Phishing email often uses urgent language, asks for personal information, and has grammatical, typographical, or other obvious errors.

Acadia blocks a great deal of malicious email for you, but some phishing emails still get through. Learn how to recognize phishing and other malicious email to protect yourself and the university.

The role of email Quarantine

When email enters our systems from the outside, it is checked to see where it came from.  If the sender address ends in @acadiau.ca, then it is possibly phishing email.  Unless it came from one of a handful of approved services that have been configured to digitally sign email as genuine, it will be stopped in quarantine.  When a message is in quarantine, you will receive a quarantine notice twice a day.

It's up to you to judge the email and decide if it should be released into your email inbox.  Since the quarantine involves only email from the outside, it would not be reasonable for a notice about our IT resources to come this way.  Such a message will certainly be phishing email: it is pretending to be a notice from Acadia, and it would include a link to a malicious site designed to obtain your user credentials.  Therefore, this kind of email can be ignored.  After a few days, it will be automatically discarded without any action required.

How to spot a phish

  • Check links before clicking. Check the full URL to see if it goes where you expect.
    • On your smartphone or tablet, press the link and hold down until a dialog box appears containing the URL.
    • On your computer, hover over the link with your mouse. The URL will usually appear in the lower left corner of your window.
    • Check shortened URL destinations with these shortened URL Security tips.
  • Check to see if the sender is forged. See How to Spot a Spoof.
  • Is the content suspicious?
  • Be careful where you enter your password. Learn what to look for to help spot fake Acadia login pages that many scammers use in phishing. 
  • Pay attention to banners.
    • External Caution Banner. Take note of an automated warning banner at the top of emails received from senders outside the university that contain links or attachments. The email banner urges extra caution with such messages.
    • If it looks like it's from an Acadia email address and it has the External Banner, be wary.
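
The quarantine rule and the External Caution Banner described above can be sketched as mail-gateway logic. This is an added example, not Acadia's actual filter: the approved-signer list, the outcome names, the sample messages, and the idea that signature verification has already happened upstream are all assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

INTERNAL_DOMAIN = "acadiau.ca"               # domain named on the page
APPROVED_SIGNERS = {"bulk-mailer.example"}   # constructed allowlist (assumption)
LINK = re.compile(r"https?://", re.I)

def sender_domain(msg):
    """Domain of the real From address; the display name is ignored."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower().rstrip(".")

def has_links_or_attachments(msg):
    """True if the message carries an attachment or an http(s) link."""
    if next(msg.iter_attachments(), None) is not None:
        return True
    body = msg.get_body(preferencelist=("plain", "html"))
    return bool(body and LINK.search(body.get_content()))

def classify(raw, from_outside, verified_signers=frozenset()):
    """verified_signers: services whose signature was already verified upstream."""
    msg = message_from_string(raw, policy=policy.default)
    if not from_outside:
        return "deliver"
    if sender_domain(msg) == INTERNAL_DOMAIN:
        # An outside message claiming an internal sender is held unless an
        # approved service signed it (delivery without banner is an assumption).
        if APPROVED_SIGNERS & set(verified_signers):
            return "deliver"
        return "quarantine"
    if has_links_or_attachments(msg):
        return "deliver_with_external_banner"
    return "deliver"

# Constructed sample messages (not real mail)
FORGED = (
    "From: IT Notices <it-notices@acadiau.ca>\n"
    "Subject: Mailbox notice\n\n"
    "Sign in at https://login.example/reset\n"
)
DISPLAY_SPOOF = (
    'From: "helpdesk@acadiau.ca" <notice@mail.example>\n'
    "Subject: Mailbox notice\n\n"
    "Verify at https://portal.example/login\n"
)

if __name__ == "__main__":
    print(classify(FORGED, from_outside=True))          # quarantine
    print(classify(DISPLAY_SPOOF, from_outside=True))   # deliver_with_external_banner
```

The second sample shows why the banner matters: the display name looks like an Acadia address, but the real sender domain is external, so the quarantine rule does not apply and the banner is the only warning.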

Learn More About Phishing

Report Phishing

Acadia users can report phishing by either clicking the Phish Alert Button or forwarding the email to phishalert@acadiau.ca.

Trust your instincts. If it looks phishy, it probably is. Report it (which will delete it) and move on.  

  • If you would like to verify, do so in an alternate fashion: call or check their website.

If You Get Caught

If you gave personal information in response to a phishing email or on a suspicious webpage, your account may be compromised.

Further Reading

Types of banned attachments

To view your entire quarantine inbox or manage your preferences, Click Here

Employees are automatically enrolled in Annual Security Awareness Training.  Take the training at KnowBe4. Login with your Acadia username and password. 

See below for the Social Engineering Red Flags. 

 

Details

Article ID: 475
Created: Wed 10/11/17 3:32 PM
Modified: Thu 9/28/23 9:37 AM