By McGill Reporter Staff
As the McGill community readies itself for a new academic year, cybercriminals are getting busy as well. Several McGill email users have recently received phishing emails that look like legitimate McGill correspondence—but are actually designed to steal your confidential personal information.
Below is a sample of one such fraudulent email. Although it may appear at first glance to be from Office 365, which is one of McGill’s password-protected systems, it is fake. (Other phishing attempts may mimic myCourses, Minerva or any other official McGill webpages.) If the recipient were to click on the “Validate Email Account” link, they’d be asked to input their user name and password. That sensitive personal information would then be delivered to hackers. Poor spelling and grammar are often a sign of a fraudulent email, and this particular message misspelled “McGill” (“MgGill”); IT Services has compiled a list of other “Telltale signs of phishing” to help you protect yourself from deception.
If you are suspicious of the legitimacy of an email, avoid clicking on any links or replying. Check to see if the suspicious email appears on McGill IT Services’ list of known scams. (The subject lines of recent phishing emails include, “Important Alert from McGill University Admin,” “RE: Agreement with Folder Share,” and “You have a message from McGill Via Dropbox.”) If your suspicious email does not appear on the list, please report it to the IT Service Desk.
It can be hard to distinguish a real email from a fraudulent one. Hackers are becoming increasingly adept at creating content and URLs that mimic legitimate sites.
Whenever you click on a link, it is very important to pay careful attention to the URL to which you are directed. For McGill-managed systems, the URL should start with http://something.mcgill.ca/ or https://something.mcgill.ca/ (other parameters or directories may follow the slash).
Hackers can easily create deceptive URLs that differ only slightly from legitimate addresses. Here are the legitimate URLs of commonly used systems at McGill:
- Microsoft Office 365 portal: https://login.microsoftonline.com or https://portal.office.com
- Minerva: https://horizon.mcgill.ca/pban1/twbkwbis.P_WWWLogin
- myMcGill portal: https://mymcgill.mcgill.ca/
- myCourses: https://mycourses2.mcgill.ca/
- D2 (the new document management system replacing Centerstage): https://cms.mcgill.ca/D2/
- Banner (INB): https://horizoninb.mcgill.ca/inb
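The URL rule above can be checked mechanically. The following is an added example, not code from McGill IT Services or the original article: it accepts a link only when the hostname itself ends in .mcgill.ca or exactly matches one of the Office 365 hosts listed above. The function name and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Hosts the article lists for the Office 365 portal (exact match only).
OFFICE365_HOSTS = {"login.microsoftonline.com", "portal.office.com"}
MCGILL_SUFFIX = ".mcgill.ca"  # "something.mcgill.ca", per the article


def classify_link(url: str) -> str:
    """Return 'mcgill', 'office365' or 'suspicious' for a link target."""
    url = url.strip()
    # Browsers read "\" as "/" and drop tabs/newlines; refuse instead of guessing.
    if any(ch in url for ch in "\\\t\r\n "):
        return "suspicious"
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:  # malformed authority, e.g. unbalanced brackets
        return "suspicious"
    if parts.scheme not in ("http", "https") or not host:
        return "suspicious"
    # Non-ASCII hostnames can hide lookalike letters.
    if not host.isascii():
        return "suspicious"
    if host in OFFICE365_HOSTS:
        return "office365" if parts.scheme == "https" else "suspicious"
    # The host (not the path or the part before "@") must end in .mcgill.ca.
    if host.endswith(MCGILL_SUFFIX) and len(host) > len(MCGILL_SUFFIX):
        return "mcgill"
    return "suspicious"


# Constructed sample links; the non-McGill hosts use reserved example domains.
SAMPLES = [
    "https://horizon.mcgill.ca/pban1/twbkwbis.P_WWWLogin",
    "https://portal.office.com",
    "https://mycourses2.mcgill.ca.login.example.net/",
    "https://mymcgill.mcgill.ca@login.example.net/",
    "https://login.example.net/mymcgill.mcgill.ca/",
    "https://mymcgill-mcgill.ca.example.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10}  {link}")
```

Only the first two sample links pass; the others place "mcgill.ca" in a subdomain prefix, before an "@", or in the path, where it has no bearing on which server receives the password.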
For more information on how you can protect yourself and spot phishing scams, take the IT Security Awareness Online Course, “Focus on Phishing,” and read about best practices in the following articles:
- Be Wary of ‘Order Confirmation’ Emails
- Phishing scams and how to protect yourself
- Stay safe when using your mobile device