Cyber Security Awareness Month: Week 2 - Don’t click that link!

In our second week of our cyber security awareness campaign, we are taking a look at phishing attacks. This October, make sure that you don't fall for any spooky online tricks!

What is phishing:

Phishing is a type of deception designed to get you to do one of the following:

• Get you to hand over personal information or
• Get you to download malware.

Where does phishing happen?

• In e-mail messages, even if they appear to be from a co-worker or someone you know.
• On social networking sites.
• On a fake websites pretending to accept donations for charity.
• On website designed to look like familiar sites using slightly different Web addresses.
• In instant messaging programs.
• From texts on your cell phone or other mobile device.

Often phishing scams rely on placing links in e-mail messages, on websites, or in instant messages that seem to come from a service that you trust, like your bank, credit card, social networking site, or even BCIT.

Things to look for:

Look up the sender:

• Is the email from someone you know? Does the message align with their position?
• Spear Phishing is a targeted form of phishing in which an e-mail message might look like it comes from your employer, or from a colleague who might send an e-mail message to everyone in the company, such as the head of human resources or IT.
• Double check that the email address is correct. Some phishing scams will use a name you might recognize, but the email address could be incorrect.

Highlight the links – but don’t click them!

• If you hover your mouse over a link, a tooltip will appear showing the URL the link associates to. Does the URL point to a legitimate website?
• If the message seems to be from your bank, but the URL doesn’t match your bank’s website. It isn’t your bank!

Look for bad grammar:

• Often official emails are heavily proofread before being sent to customers. If there are a lot of spelling and grammar mistakes, it is probably someone pretending to be that company.

What to do:

If you suspect a message is a phishing scam, follow these tips

1. Don’t click anything in the email
2. Delete the email
3. Trust your gut, if it doesn’t seem legitimate it probably isn’t.
4. If it came into your BCIT mailbox, report it to BCIT IT Services at techhelp@bcit.ca

Important: If you have already clicked on a link or provided your personal information change your password for the affected account. If you use the same email and password for multiple accounts, change those too! If you have provided someone your BCIT credentials, login to myBCIT and change your password immediately.

For more information, check out the following resources:

• 10 tips for spotting a phishing email
• Knowledge Base: Spam and what to do about it

BCIT is committed to taking appropriate measures to preserve the confidentiality, integrity, and availability of information and information technology (IT). All users at BCIT are responsible for:

•Taking appropriate measures to prevent loss, damage, abuse, or unauthorized access to information assets under their control
•Promptly reporting all acts that may constitute real or suspected breaches of security including, but not limited to, unauthorized access, theft, system or network intrusions, willful damage, and fraud.
•Looking after any physical device (tools, computers, vehicles, etc.) and access articles (keys, ID cards, system IDs, passwords, etc.) assigned to them for the purposes of performing their job duties, taking courses, conducting research, or otherwise participating within the Institute.
•Respecting the classification of information as established by the information owner