Phishing is a form of identity theft where victims are “lured” into giving away sensitive
information, usually through email. Messages are designed to look like they are coming
from trusted businesses, like banks or government agencies. Often they are trying to
steal your identity or login credentials to gain access to your accounts
and to use them to commit other crimes.
The most common phishing attempts at Queen's are emails requesting your NetID and password.
FACT: ITS will never ask for your NetID password.
NEVER: Reveal your NetID password.
The best way to protect yourself is to learn how to recognize phishing messages.
They usually share these common traits:
It asks you to “verify” or “confirm” confidential information by replying to the email or by clicking a link to a
website or form. It may be a time-sensitive warning, to “bait” you into acting without thinking. For example,
“Your account will be deleted if you don’t respond immediately.”
REMEMBER: Legitimate businesses have policies against this practice.
Links may lead to a fake website or may download malicious code. Preview a link by rolling your mouse over it.
If it doesn’t look right, don’t click it! Attachments could contain viruses or malware. The sender’s email
address may be “spoofed” and not match the company it claims to represent.
NEVER: Open unsolicited attachments or click links without checking.
Spelling, grammar and factual errors are common in phishing emails.
LOOK FOR: Spelling and grammatical errors, no corporate branding, or poor quality overall.
See our Phishing Samples page for examples of real phishing emails at Queen's.
Want to learn more? Take the Dell SonicWall Phishing Test.
If your NetID is compromised, you should change your password immediately.
CHANGE: Your NetID immediately.
REPORT: Call the IT Support Centre at 613-533-6666, or fill out the Online Help Form.
Queen's realizes that phishing is a big concern. In a given month, we see about 14,000,000 incoming messages, with close to half rejected as spam. Even with the best technology in place, some phishing attempts get through. Compromised accounts can be used to send spam, which overwhelms our systems and causes Queen’s to be blacklisted by other email services. We scan outbound email for spam to identify these accounts and lock them down before this can happen.
Remember: NetIDs can be used to access not just personal information, but institutional information as well. Making this available to an unauthorized party means putting the security of the entire university at risk.
Learn more about phishing and safe computing practices: