May 4, 2022

Not your grandma’s rich prince email scam

How to spot the subtle clues you’re being targeted by a phishing attack
Not your grandma’s rich prince email scam
RODNAE Productions, pexels.com

Phishing scams used to be easy to spot — no, there wasn’t some rich prince who wanted to share his fortune with you, if only you could give him your credit card number. These days, email scams have evolved to a point where messages can look like they’re coming from your friends, co-workers, bank or even your own friendly neighbourhood tech department.  

As April's Cybersecurity Awareness month ends, the University of Calgary’s Information Technologies (IT) team wants to equip you with a few tips to stay cybersecure all year round. Even though online criminals see staff, students and researchers as prime targets for cyberattacks, there are many ways you can protect yourself. 

What is phishing? 

Phishing is an impersonation of a corporation, institution or person with the intent to gain access to personal or financial information or access to private data and systems. While some phishing (and its text equivalent, “smishing”) is easy to spot, the most sophisticated attacks are almost indistinguishable from UCalgary’s own internal emails.  

These messages often contain a sense of urgency, prompting you to react quickly instead of giving the email a careful review to ensure its validity. Once you have clicked on a fraudulent link or downloaded a false document, the criminal can use their access to not only steal your information, but also use your accounts to trick your contacts into doing the same.   

UCalgary has email protection technology that blocks millions of spam and phishing messages per month. However, even with the best technology, some emails can slip through. This is why it’s so important that the UCalgary community knows what to look for.

Clues you’re being duped 

  • Unibersity of Calgarry: Fake or suspicious company or organization  
  • From Dr. Ed Macaulay Culkan: Unknown or suspicious sender.  
  • To Rex: You do not match the intended recipient.   
  • Look at this: Vague subject line.  
  • This is vital, crucial, and critical: Repeating patterns or other signs of made-up details.  
  • You haz been hacked: Misspelt words or confusing grammar.   
  • Faculty of Modern Karts: Group or team that does not exist.   
  • I need your help now!: A sense of urgency, especially around logging in.  
  • www.thisisaboguswebsite.com: Suspicious links.  
  • 1-800-bigscam: Wrong or suspicious phone number.  

How to protect yourself from phishing 

So, you think something is off about an email you received — what should you do?  

  • Report suspected phishing attempts to IT by either: 
    • Right-clicking on an email, choosing security options, then phishing   
    • or save and forward the email as an attachment to reportphishing@ucalgary.ca 
  • Delete and do not respond to suspicious emails.   
  • Never email personal or financial information like passwords or credit card details.  
  • Do not click on links in an email claiming to bring you to a secure site.  
  • Stop ignoring those notifications that your computer or other devices need to update — the latest version of software will have the most effective protection from attacks. 

IT has an Introduction to Phishing course on Enterprise Learning Management for staff who want to learn more about phishing.  

Staying cybersecure 

The best way to combat cyberthreats is to be aware of them and to understand the importance of cybersecurity. All members of the UCalgary community can help keep us all safe by doing their part to remain cybersecure. Part of that responsibility is to maintain good password practices; back up your data regularly; ensure your devices, applications and operating systems (Microsoft Windows, Apple OS, Linux) stay patched and up to date; and consider the privacy levels of the data you’re working with (and contact the FOIP office if you have concerns), along with following other cybersecurity best practices.  

For a full list of things you can do and resources you can use to stay cybersafe, check out our Top 10 Cybersecurity Tips page, and contact IT services through UService or with a ServiceNow ticket if you have any concerns.