A cybersecurity alert was recently released to UNB students regarding an email phishing scam.
A phishing scam attempts to gather data from an unsuspected victim by luring them into something that seems legitimate, like an invoice, bank notification, etransfer, or inheritance from a Nigerian prince. The email UNB student may receive are titled “Invoice #” and includes a PDF attachment, which may contain malware or ransomware.
IT services recommend that you delete this email and do not open the attachment, if you receive it. Here are a few tips to ensure you don’t fall victim to future phishing scams:
Check the “from” address
Emails can easily be spoofed and the from address may look very similar to an official address. It may say “Amazon Canada” and the address itself could be “email@example.com”, but this is not actually from Amazon. Oftentimes, scammers will use similar website names so that, at first glance, it appears legitimate.
Who is it addressed to?
Emails addressed to your email address are often a sign that the sender doesn’t know who you are. For example, if your email is firstname.lastname@example.org and the email starts with “Dear email@example.com, . . .” it is likely a scam.
Were you expecting it?
If an email claims that purchases have been made on an Amazon account, or something similar, do not use links provided in the email. Instead, check out your account by going to the website yourself and verifying that no purchases have been made.
Scrutinize the spelling and grammar
Scam emails often have poor grammar, spelling mistakes, or inconsistencies.
Don’t open any attachments unless you expect them
Scammers rely on the immediate shock when you see an email that says “Invoice” or “Purchase receipt”. Instinctively, you will want to find out what it is all about. If you aren’t expecting an attachment, receipt, or invoice, don’t open it.
Keep computer and cell phone software up to date
Install updates as soon as they become available and make sure you have virus protection on your computer.
Two-factor authentication further secures your accounts by requiring more than just a password. It may rely on an app which generates a code, texting you a code when you login, or asking you a security question upon login.
The best thing to do is to reach out to the company, person, website, or wherever it claims to be coming from, directly. Do not reply to the email in question.
Bottom line, if you don’t feel comfortable or are uncertain to any degree, don’t trust the email. UNB stated the following in their alert:
“Always be suspicious of emails asking you to open an attachment. If you’re unsure about the legitimacy of an email, DO NOT reply or click on any links. Instead, contact the IT Service Desk at firstname.lastname@example.org, 506-457-2222 (Fredericton) or 506-657-2222 (Saint John) and they will let you know if it’s okay.”