Phishing
October 14, 2010:
Cyber-criminals are trying to steal your email account.
Recent attacks involve forged emails coming from questionable sources with the uOttaw email address. These emails will ask you to validate your either your user ID and/or password, or will direct you to a false copy of a University web site, resulting in the use of your account to send out spam and congesting the entire system.
Many people are familiar with 'phishing' schemes, whereby criminals attempt to steal for example your banking information. They send you an authentic-looking email which asks for banking information, or redirects you to a mock copy of the bank’s web page to encourage you to share your personal information.
Please remember that the University will NEVER ask you for your password or other sensitive personal information via email.
Responding or reacting to ‘phishing’ emails puts your personal information, your accounts and the entire system at risk. If you receive one of these emails delete it immediately, do not respond or take action or open any attached documents.
Prevent your email account from being stolen.
Because these emails come from legitimate accounts, and will use language, images and references employed at the University, it may be difficult to identify them as phishing emails. You should:
- Be cautious when clicking on a URL in an unsolicited email
- Ensure that you are connecting to your email and/or InfoWeb account through a secure “https” connection (the URL begins with "https", not "http")
- Ensure the browser indicates a secure connection, denoted by the image of a padlock in the address bar of your browser. If you do not see the padlock, or if it is not an https connection, do not attempt to log on
- Be suspicious of emails offering money, requesting urgent action, threatening legal action or announcing security threats
- Never provide personal or sensitive information via email
For additional information go to: http://www.ccs.uottawa.ca/security/
