Phishing Awareness

Information security

Phishing is a common online scam designed to trick you into revealing sensitive personal information (e.g. passphrases, credit card numbers, your SIN) that is then used for fraud or identity theft. Phishing typically takes the form of an email message that appears to come from a trusted organization (e.g. your bank, the university), but is actually from the identity thieves. It is intentionally difficult to tell the difference between a legitimate message and a phishing message.

For tips on how to avoid phishing and how to protect your personal information, visit our phishing awareness training page and self-register for online training via CourseSpaces. Visit our Phish Bowl page to see examples of phishing and malicious emails that the UVic Information Security Office has analyzed.

The Email Warning Banner Service is also helpful in identifying potential Phishes.

Simulated Phishing Training

Simulated Phishing Training is a recognized approach for cybersecurity awareness and training to reduce risks associated with phishing. Simulated Phishing Training consists of generating emails that resemble real phishing emails we have received, and sending 3-4 such simulated phishing emails to UVic email accounts on a monthly basis. If the recipient ignores the email/does not click, as intended, then there is no further action. If the recipient interacts with the message, such as clicking on a simulated phishing link, they will be presented with just-in-time training with some tips on how to tell the message was not legitimate so that they can better detect similar messages in the future.

The system will not share individual results on who clicks or provides credentials, nor will it capture any supplied credentials or passwords. We will only report at an aggregate institutional level on the percentage of individual recipients who clicked relative to emails sent. The reporting will assess the effectiveness of the training approach and whether individuals are responding less frequently to phishing emails. These overall results will help us determine whether relative risk due to phishing is increasing or decreasing, so our cybersecurity program can respond appropriately.

If you have any questions, please contact the Information Security Office.

What protection is currently in place?

University Systems employs several methods to reduce spam on campus. These include:

DNS Blocklist: a service that rejects all emails from computers known to generate spam.
SpamAssassin: a product running on the UVic mail server which checks all email received from off campus against a set of spam filtering rules.

By employing these methods, UVic manages to filter approximately 800,000 fraudulent emails per day, but unfortunately, some spam and junk emails may still end up in your mailbox. For information on email scams—including how to identify fraudulent emails—visit our spam filtering support page.

Who can use this service?

Faculty
Staff
Students

How do I request or access this service?

The above anti-spam protection methods are automatically provided. If you are receiving a lot of phishing and junk emails, you can change your spam settings by visiting the NetLink administration page and clicking on the E-MAIL ANTI-SPAM link. Please be aware, however, that some legitimate emails may also be identified as spam if you enable spam blocking on your UVic account. You can disable the spam filter at any time by visiting the same link.