Phishing Prevention

Phishing and smishing are techniques used by attackers to trick you into giving away information by disguising themselves as a trusted source.

Phishing typically involves scam emails, while smishing refers to fraudulent SMS messages. Both methods aim to persuade you to click on links, download files, or provide sensitive information. These messages often resemble legitimate communications from trusted individuals and may include the following warning signs:

  • Unfamiliar tone or greeting 
  • Unrecognized sender or sender address
  • Sense of urgency to act immediately or within a defined timeline
  • Spelling or grammar errors
  • Too-good-to-be-true messages
  • Attachments or embedded URLs

Cyber attackers are increasingly using artificial intelligence to create phishing emails that closely mimic legitimate ones.

Risks to Avoid

Credential Theft

Falling victim to phishing or smishing attacks can result in your login credentials being stolen, giving attackers access to your personal or university accounts.

Identity Theft

Scammers can use your stolen credentials to log into your accounts, which could lead to financial loss or identity theft.

Malware Infection

Clicking on unknown links can cause malware to be installed onto your device.

Data Breach

If attackers gain access to your sensitive information through phishing or smishing, it can result in a data breach.

What To Do

Verify Before Clicking Web Links

Always hover over web links without clicking them. This shows you the full URL and helps you identify the domain. Do not click on the link if you are unsure about the domain or do not recognize it.

The domain in a URL is located after the initial "https://" section.

  • Example 1 – In the URL https://www.oise.utoronto.ca
    • HTTPS is the protocol used; the ‘S’ in HTTPS means the connection to the website is secured through encryption. Avoid sites that do not have the ‘S’ at the end.
    • www.oise.utoronto.ca is the domain for the site.
  • Hackers can slightly modify a URL to create one that looks very close to the legitimate one.
  • Example 2 – http://www.secure-login.net/google.com
    • HTTP is the protocol used, but the "s" is missing at the end, making the connection insecure and an indication of a malicious website.
    • Although google.com appears at the end of the URL, secure-login.net is the domain the browser will connect to, not google.com, which indicates it is a deceptive site.
  • Visit the site for more detail on identifying suspicious URLs.
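
The check described above can be automated. The following is an added example, not part of the original page: it parses a link the way a browser does and reports which host would actually be contacted. The TRUSTED and WATCHED lists and the last two sample URLs are assumptions constructed for illustration.

```javascript
// Added example. TRUSTED and WATCHED are assumed lists, not from the page.
const TRUSTED = ["utoronto.ca"];               // domains you expect to sign in to
const WATCHED = ["utoronto.ca", "google.com"]; // names a fake link may borrow

// True when host is the domain itself or one of its subdomains.
function hostMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

function inspectLink(raw) {
  let url;
  try {
    url = new URL(raw); // same parsing rules the browser applies
  } catch {
    return { host: null, trusted: false, warnings: ["not a valid absolute URL"] };
  }
  const host = url.hostname.toLowerCase();
  const warnings = [];
  if (url.protocol !== "https:") warnings.push("connection is not HTTPS");
  // Everything that is NOT the host: text before "@", the path and the query.
  const outside = (url.username + url.pathname + url.search).toLowerCase();
  for (const name of WATCHED) {
    if (hostMatches(host, name)) continue; // the link really goes to that domain
    if (host.includes(name)) warnings.push(`${name} is only part of a longer host name`);
    if (outside.includes(name)) warnings.push(`${name} appears outside the host`);
  }
  // Punycode labels can render as look-alike characters in the address bar.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    warnings.push("host uses punycode (possible look-alike characters)");
  }
  const trusted = TRUSTED.some((d) => hostMatches(host, d));
  if (!trusted) warnings.push("host is not a trusted domain");
  return { host, trusted, warnings };
}

// The page's two examples, plus two constructed look-alike forms.
const samples = [
  "https://www.oise.utoronto.ca",
  "http://www.secure-login.net/google.com",
  "https://utoronto.ca.secure-login.net/login",     // constructed
  "https://www.oise.utoronto.ca@secure-login.net/", // constructed
];
for (const s of samples) console.log(s, inspectLink(s));
```

A link counts as trusted only when the host itself ends in a trusted domain; a familiar name anywhere else in the URL adds a warning instead.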

Authenticate Email Requests

Always verify requests for sensitive information or tasks, such as entering your credentials on a webpage or conducting a financial transaction, by contacting the sender through trusted communication channels before responding to their email.

Consult Education Commons

If you have doubts about the authenticity of an email, reach out to Education Commons for guidance by sharing the details or forwarding the email.

What Not To Do

Don't act on an email request immediately, even if it claims to be urgent

Never click on links from unknown sources

Don’t send your personal information via email

Don't open unexpected email attachments

Don't fall victim to social engineering techniques like phishing or smishing.
Always Verify Before You Trust!