Phishing Information for Students

Phishing photo
Phishing awareness training

Security is everyone's responsibility! As such, it is important to learn how to recognize and respond to phishing emails. Be mindful of what links and attachments you open from emails and NEVER give out your account credentials.

A phishing attack is when a cybercriminal attempts to deceive a user into divulging sensitive information. Phishing is online identity theft that can present itself in the form of fraudulent emails, texts, and calls.

Phishes are unexpected, and can use recognizable company logos to try and trick you. Potential phishing emails may:

  • Request confidential information (i.e. username and password, credit card numbers, etc.). UVic will NEVER ask for your password over an email.
  • Use a public email address (i.e. Google, Yahoo, QQ, Zoho, eclipse, etc.).
  • Be from a sender you have no prior relationship with.
  • Include an attachment that you would not expect to see in an email from that sender. In this case, do not open the attachement, but rather, forward it to the Computer Help Desk and ask that they verify its contents for you.
  • Include several spelling and grammatical errors or unfamiliar language being used.
  • Include an attached link that is shortened to hide the full URL (e.g.,,
  • Contain a suspicious attached link.

Frequently Asked Questions

How can I check if a shortened URL in an email is fraudulant?

  • Hover over the URL and if it contains a string of numbers, misspelled words, multiple subdomains, or generally looks suspicious, then Google the URL (without clicking on it!). If the first entry does not match the URL that you have entered, the the site is likely fraudulent.

Will the Computer Help Desk ever ask for my NetLink ID passphrase?

  • The Computer Help Desk will NEVER ask for your NetLink ID passphrase. As such, do not reveal your NetLink ID passphrase to anyone.

Does "https" indicate that a site is safe?

  • No. A URL that begins with "https" only means access to the site is encrypted. The site owner and content could still be malicious.