From time to time you will receive email from from senders with pseudo-official titles (Help Desk, The Bank, Wealthy Benefactor…) that are transparently fraudulent. The very stupid ones are relatively easy to spot by their tortured grammar and general confusion. However there are more sophisticated attackers sending much more convincing messages intended to steal your financial information, account credentials, or infect your computer. An email itself cannot do this unless the recipient clicks a link to a malicious web site or opens a malicious attachment.
Before clicking any links in emails, hover your pointer over the link to reveal the web address (URL). If anything looks suspicious about the link, do not click.
When any web site asks for your username/password information, always check the web page address at the top of the browser window. Make sure the address belongs to the entity you intended to reach. Any site demanding a log in should be offering an encrypted connection; the URL will begin with “https://” — note the “s“.
Things to bear in mind:
- There is no verification of sender name or address built into email. It is trivially easy to spoof the name of a sender. You may receive mail apparently from someone you know that is in fact malicious.
- Email is an insecure medium; never send confidential info (financial, password) in email.
- It is trivially easy to exactly replicate the look of a login web page (UTORid, banking, Facebook). The only way to be sure it’s the real thing is to examine the web address carefully.
More information about how to protect yourself is available at: https://securitymatters.utoronto.ca/
Report suspected phishing email by forwarding to: firstname.lastname@example.org
Always keep your operating system up-to-date.
Windows 10 includes built-in anti-virus protection called Windows Defender. We recommend you do not run Windows versions older than Windows 10. If you have a computer with an older version of Windows, contact us for assistance. If you must run Windows 7, you need additional anti-virus software:
Microsoft Security Essentials https://windows.microsoft.com/en-US/windows/products/security-essentials
Anti-virus for Mac (or an alternative for Windows):
Sophos Home https://home.sophos.com/
If your browser is misbehaving (broken home page, popups) scan with an anti-malware package:
Malwarebytes (Windows and Mac) https://www.malwarebytes.com/