
How to spot spam (or other malicious) emails? What should I do?

Email spam usually pertains to unsolicited commercial messages sent in bulk by people you don’t know, although there are exceptions to this rule. Multiple similar-looking emails from unknown email accounts could also be spam.

The University of Winnipeg is able to prevent the majority of spam and phishing emails from entering our network; however, it is not possible to prevent all unwanted emails from reaching University of Winnipeg email Inboxes. Therefore, it is important that all users can identify and report these problem emails if they are received.

All spam attacks should continue to be reported to the Service Desk. These targeted attacks designed to obtain University user credentials or other personal information are becoming far more sophisticated and substantial, and the malicious activity that can occur using compromised credentials can have significant after-effects for individuals and the University.

Faculty, Staff and Students MUST REPORT incidents to the Service Desk immediately. Please forward any suspicious emails to servicedesk@uwinnipeg.ca

 

Identify malicious emails with tips such as these:

  • Check the ‘From’ field – is the mail coming from a legitimate address?
  • Does the subject title have any relevance to your job or the University?
  • Look for spelling and grammatical errors in the content
  • If a hyperlink is included, pass your mouse over it to see where the link goes
  • Attachments (especially zipped ones) are extremely suspect
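The ‘From’, hyperlink and attachment tips above can also be applied mechanically when triaging a reported message. The following Python sketch is an added example, not part of the original guidance; it assumes `uwinnipeg.ca` is the only internal domain, and the sender, link and file names in `build_sample` are constructed. The subject-relevance and spelling tips still need a human reader.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = "uwinnipeg.ca"  # assumption: the only domain treated as internal

class Links(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def host_of(s):  # hostname of a URL or bare host name; "" for ordinary words
    url = s if "://" in s else "//" + s
    return "" if " " in s or "." not in s else (urlparse(url).hostname or "").lower()

def triage(raw):  # findings for the From, hyperlink and attachment tips
    msg, out, links = message_from_string(raw, policy=policy.default), [], Links()
    addr = parseaddr(str(msg["From"] or ""))[1].lower()
    if not ("@" in addr and addr.endswith(("@" + TRUSTED, "." + TRUSTED))):
        out.append(f"From: external sender {addr}")
    body = msg.get_body(preferencelist=("html",))
    links.feed(body.get_content() if body is not None else "")
    for href, text in links.found:  # the "hover" check: shown host vs. real host
        if host_of(text) and host_of(text) != host_of(href):
            out.append(f"Link: text shows {host_of(text)}, goes to {host_of(href)}")
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower().endswith(".zip"):
            out.append(f"Attachment: zipped file {part.get_filename()}")
    return out

def build_sample(sender, href, text, zip_name=None):  # constructed, not a real email
    m = EmailMessage()
    m["From"] = sender
    m.set_content(f'<p>Go to <a href="{href}">{text}</a></p>', subtype="html")
    if zip_name:
        m.add_attachment(b"PK", maintype="application", subtype="zip", filename=zip_name)
    return m.as_string()
```

An external sender on its own is common and harmless; the findings are prompts for review, and a message that trips several of them is the kind to forward to the Service Desk.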

 

How to Identify the Threats – Spear Phishing, Whaling and Vishing

Spear Phishing – Spear phishing is like regular phishing, but targets a specific group of people. A spear phishing email can target employees of a specific company, customers of a specific company, or even a specific person. For example, many people on campus have received phishing emails from perceived “Technical Support Services”, telling them to follow a web link to change their email password.

 

Whaling – Whaling targets high-level executives or people in management positions (catch the big fish). A very recent example of this was an email sent to certain members of the University from what appeared to be a member of the Senior Administration, requesting certain information and actions from them. Other whaling attacks in the past included one University Vice President and several directors. Whaling is a very real threat and is becoming more common. Attackers take time to research the organizational hierarchy and plan their attack accordingly.

 

Vishing – Vishing is a form of phishing that uses the phone system or voice over IP (VoIP) technologies. The user may receive an email, a phone message, or even a text encouraging them to call a phone number due to some discrepancy. If they call, an automated recording prompts them to provide detailed information to verify their account such as credit card number, expiration date, birthdate, and so on.