Did you know an estimated 91 per cent of cyber-attacks start with an e-mail, and e-mail-based attempts have increased over 65 per cent in the past year.
In September alone, Okanagan College staff were targeted by over 200,000 spam, fraud, phishing, and malware e-mails! This is why every staff member plays a critical role in protecting our accounts, devices and data, and keeping Okanagan College safe from email-based attacks.
Being cyber-aware and responsible in your email, online practices and data handling is the most effective way to defend against these types of malicious activities.
People are the last line of defense. Think before you click!
What is Phishing?
Phishing is an email scam to steal personal and financial information from unsuspecting victims. Passwords, credit card numbers, bank account information, social insurance numbers or other sensitive information all are valuable to cyber-criminals, and often the first step in a more sophisticated or damaging attack.
Spotting the phish/scam and protecting yourself
- Double check the sender and know the signs. Inspect the “from” e-mail address, look for poor spelling/grammar, strange signatures and ignore any requests asking you to provide login, account or other personal information.
- Check the full e-mail address, not just the name. Sender names are often spoofed to look like people you know or trust but come from non-legitimate sources.
- Legitimate sites will almost never ask for login details from an email, attackers are trying to steal your OC login credentials!
- Do not click on links, shared documents, or open attachments in messages with which you are unfamiliar or don’t expect. Check the full URL of a link, look for fake sites or sites that ask you to log in with your credentials.
- Malicious attachments can run scripts or download malware/ransomware to your computer or OC connected systems and are highly dangerous.
- Be wary of urgent requests asking you to take immediate action or buy something like gift cards or prepaid debit/credit cards, etc. Often this may look like it’s from a supervisor or person of authority, asking you if you are available, can do them a favour, or to take quick action without thinking.
- Your OC supervisor will never ask you to do this. Check with your supervisor or the sender in-person and verify. Ask yourself if the request makes sense or seems abnormal.
- Don’t take the bait. Be suspect of any email that looks to be from IT, banks, financial institutions, Apple, Google, Microsoft, etc. asking you to log in to verify your account information or makes threats to deactivate or cancel your accounts unless you respond.
- IT and these other services will never legitimately do this. An attacker is trying to scare you into clicking their login link and steal your account credentials.
- Report any e-mail that looks suspicious to ITSecurity@okanagan.bc.ca.
- If you suspect a spam, phishing, scam or malicious e-mail has reached your inbox, or if you have possibly clicked a bad link or responded to something questionable, don’t panic, IT Services is here to help.
- Simply e-mail ITSecurity@okanagan.bc.ca and we’ll be happy to assist you.
Be Cyber-Aware and stay safe!
Report an incident Contact IT Security
More resources
- https://www.getcybersafe.gc.ca/en/resources/video-phishing-dont-take-bait
- https://www.getcybersafe.gc.ca/en/resources/social-engineering-how-cyber-scams-trick-us
- https://www.getcybersafe.gc.ca/en/blogs/signs-phishing-campaign-how-keep-yourself-safe
Take the click test