Frequently asked questions

• Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person.
• Targeted attacks typically start with a phishing email sent to as many people as possible, that contains a link to a malicious website. It can often appear to come from a trusted source.
• After clicking on the link, the attacker will attempt to infect and take control over the victims’ computers or harvest their usernames and passwords.

• Spear phishing can also appear to come from a trusted source, however, it is highly targeted.
• The message will often be sent to only one person or a few selected individuals who have access to highly confidential information or servers.
• The attacker will often research the intended victim’s social media profiles and craft a highly customized email that will appear to be credible.

• UVic emails have been targeted by phishing scams for quite some time.
• Phishing attempts are becoming more and more sophisticated these days and our personal information is highly at risk.
• The university is also at risk because our systems store highly confidential data such as SIN numbers, banking information (such as direct deposit), health information, student data, etc.

University Systems employs the following two methods to reduce phishing spam on campus:

• DNS Blocklist: a service that all emails from computers known to generate spam.
• SpamAssassin: a product running on the UVic mail server that checks all email received from off campus against a set of spam filtering rules.

By employing these methods, UVic manages to filter approximately 800,000 fraudulent emails per day.

To learn more about spam filtering for @uvic.ca email addresses visit: http://www.uvic.ca/systems/support/emailcalendar/antispam/spam-filtering.php

• Keep your anti-virus software up-to-date.
• Keep your computer and key software such as your web browser, Adobe Reader, Adobe Flash, Microsoft Office and Java up-to-date.
• Use enterprise systems such as Connect/SharePoint and Departmental File Storage to store documents.
• Backup your data securely.
• Use secure passphrases and change them regularly.

To determine the full URL from a shortened URL, visit:

http://wheredoesthislinkgo.com/

• The data and metrics gathered during this campaign will be used to produce reports, track effectiveness of the training over a one-year period and to determine if there has been an overall reduction in successful phishing attacks.
• Individual responses from the target audience will not be identified. The data will be kept confidential and will be used for internal UVic reporting purposes only.
• Your credentials (password) will not be collected as part of this process.
• Similar phishing campaigns at other universities show a reduction in successful phishing attacks by 90%.

Visit netlink.uvic.ca and change your password immediately!

For additional assistance or information, contact the Computer Help Desk: 250-721-7687 or helpdesk@uvic.ca.

If you are noticing a lot of fraudulent emails in your inbox, there are a few ways you can prevent your account from receiving phishing or spam emails. Visit our anti-spam page for details.

If you receive what you think is a phishing message, you can either:

• Delete the email if you’re pretty sure it’s a phishing message and you don’t have time to deal with it.
• Check with a friend or colleague first to see if they received the same email.
• Help protect UVic by reporting the email to the Computer Help Desk (helpdesk@uvic.ca) or your local IT support person. If you are using a DSS managed computer, use the 'Report Phishing' button in Outlook to report the email and automatically delete it; otherwise, be sure to send the email as an attachment so that the email headers and any embedded links are included.The Help Desk will analyze the message and implement a block of the phishing URL for on-campus Internet connections.

If you are receiving a lot of phishing or junk emails you can change your spam settings. Please be aware, however, that some legitimate emails may also be identified as spam if you enable spam blocking on your UVic email account.

UVic faculty and staff can click on the registration link below to self-register for online phishing awareness training:

Register for online training in Brightspace

UVic's phishing awareness training consists of three separate modules:

• Learn to spot fraudulent URLs
• Learn to spot fraudulent emails
• Social engineering - recognizing and avoiding scams

Each interactive module includes a few short quizzes and should take approximately 5 minutes to complete.

• Avoid using URL shorteners
• When including links be sure to include the full URL (http://...)
• Only use links that are copy and pasteable
• Link to legitimate resources on a UVic website (UVic.ca)
• Include your UVic contact information
• Only send email from a UVic.ca email address
• Avoid using vague salutations such as "hello" or "dear user"
• Include a brief description about the document you are attaching