Tech Bulletin: Phishing Attack
Dear Students, Faculty and Staff,
This morning we’ve received several reports of phishing messages claiming to be from IT and asking users to provide passwords to avoid email accounts being suspended.
If you received this message, please delete it. If you have entered your username and password on a site from an email message, please contact firstname.lastname@example.org to have your password changed.
Phishing attacks such as this are becoming an ever more common way to access information from authorized users, and to gain access into the sensitive data we store at the university. Fortunately, phishing can usually be easily identified by following these tips:
- IT will never ask you to click a link and enter a password in an email message, instead we would advise you to login to myTrent (without providing a link) in the unlikely event account action is needed.
- Legitimate, mass announcements from IT will always be sent in the form of a Tech Bulletin.
- Phishing messages commonly contain grammatical and spelling errors or other errors in the text of the message such as the incorrect names of departments.
- The links in phishing messages, when hovered over with a mouse will generally point to unusual web addresses that are often long to confuse users.
- Known phishing attempts are posted on the IT twitter feed at https://twitter.com/Trent_IT when we become aware of them.
For more information on phishing and how to spot it, please see https://www.getcybersafe.gc.ca/cnt/rsrcs/vds/phshng-en.aspx
Associate Vice President, IT
P.S. Missed a Tech Bulletin? Please go to http://www.trentu.ca/tech-bulletins/ to review the Tech Bulletin archives.
Posted on July 13, 2017