Phishing

Phishing is a common online scam designed to trick you into disclosing your personal or financial information for the purpose of financial fraud or identity theft.

Spear phishing and vishing

There are always new and more sophisticated attempts being made to trick you into revealing confidential information.

Spear phishing is a directed phishing attack that is designed for a specific group of individuals, such as the TRU community. These types of attacks appear to come from a well know and trusted source, and may include your name or other personal details.

TRU ITS never asks for passwords or other Personally Identifiable Information by email.

If you receive an email that is suspect, send the spam/phishing email to infosecurity@tru.ca . We can warn others and block that specific site.

Vishing is a scam which involves leaving automated voice messages instead of emails. These voice messages may seem to be from a trusted source and will ask you to call some one to confirm details of accounts etc. Never divulge personal information unless you are certain to whom you are talking.

Qishing is the increasingly popular term used to describe a phishing scam that uses a malicious QR code to gain access to its victim’s logins. A QR code is embedded in the email as an image. It will contain a link to a malicious URL containing malware, or a URL leading users to a phishing site.

How phishing scams work:

  • You receive an unsolicited e-mail appearing to be from a legitimate company. A typical phishing e-mail will give you a phoney reason, such as a security breach or contest, to trick you into providing your personal information.
  • The e-mail will often include a reason that urges you to reply with confidential information or click on a link that takes you to a fake website.
  • That fake website will look authentic by copying the brand name and logo of the real company. This phoney site will ask you for personal information such as credit card numbers, account numbers, passwords, date of birth, driver's license number, and social insurance numbers.
  • While you may think you are giving your information to a valid company, instead you are providing it to a fraudster!

 

Why might you receive a phishing e-mail?

  • You received a phishing e-mail simply because your e-mail address has ended up in the hands of a fraudster. E-mail addresses are easily obtained and shared on the Internet – just like phone numbers and mailing addresses. But, other than having your e-mail address, it is unlikely the fraudster knows anything else about you – not even your name.
  • So, these fraudsters need to do three things to be successful:
    • target companies with large numbers of customers...the more, the better! 
    • send thousands of phishing e-mails in order to reach as many of these customers as possible (many of the e-mails are also received by non-customers). 
    • write the e-mail messages in such a way as to trick people into revealing their confidential information.