University of Toronto Logo

Information + Technology Services

Small normal big

Don’t Get Hooked!

Don't Get Hooked!You may not realize it, but you are a phishing target at school, at work, and at home. Ultimately, you are the most effective way to detect and stop phishing scams. When viewing email messages, texts, or social media posts, look for the following indicators to prevent stolen passwords, personal data, or private information.

  • Beware sketchy messages. Phishy messages may include a formal salutation, overly-friendly tone, grammatical errors, urgent requests, or gimmicks.
  • Avoid opening links and attachments. Even if you know the sender, don’t click on links that could direct you to a bad website. And do not open attachments unless you are expecting a file from someone.
  • Verify the source. Check the sender’s email address to make sure it’s legitimate. If in doubt, just delete the message.

Common Phishing Methods:

SMISHING This is phishing via SMS (text message). Cyber criminals hunting for personal information via alarming texts that are often disguised as banks alerting you to unauthorized transactions or even a simple ‘work from home, make $1000/week’ offers. Never click on a text message link from an unknown sender. If you are worried about your bank account, just log into your bank account directly to see if something is off.

VISHING – This term refers to phishing via voicemail. This scam usually manifests as an urgent voicemail asking you to call back a number and dial an extension so you can get the ‘important’ message or claim your prize. What often happens then is the scammers charge you for the call while you obliviously wait on hold or you actually speak to someone who then attempts to obtain your personal information under a false premise.

WHALING – This is a large scale phishing attack which usually targets high profile users such as executives, celebrities and politicians. The goal is to obtain unauthorized data from users who have high level of control over a company or have information that can be sold (i.e. politicians or celebrities). For companies, whaling is most common during tax season or budget submission months. Executives are duped into revealing personal details about their employees under the false premise of  an urgent “tax preparation or budget detail” requests.

SPEAR PHISHING – This type of an attack is similar to whaling where it usually targets a company with a fake website disguised as the company’s with the ultimate goal of divulging details from company hard drives or obtaining confidential information which can than be used to commit fraud.

Follow the Campaign: http://uoft.me/cyberaware