"Phishing" means someone is pretending to be someone you may know, or an institution you are likely to trust, in order to get from you money, passwords, or other sensitive information via the internet.
The two most common forms of this are through email and text messages. However, even traditional telephone calls may be used by criminals; for example, they may ring your desk phone, and pretend to be a new employee of the college whom you haven't yet met. Their goals may vary: they may ask you to click a link, which downloads malware to your computer, or takes you to a login screen where you are supposed to enter in your username and password. Or, they may ask you to send them money or gift cards, because they are in some sort of odd but legitimate dilemma. These are common scams attempted by phishing.
Phishing via Text Message
A common form of this scam comes via text messaging. You may receive a text message purporting to be from the college president, a vice president, or a dean, asking you to reply so they can give you specific instructions on how to help them. College leadership is public information, readily available on the internet, so finding out who, for example, are the deans of our various schools is easy for a scammer (as well as legitimate businesses.)
So if you receive a text like this one below, you may safely assume it is a scam.
Our college leadership will not send you text messages asking for urgent help, from phone numbers or identities you do not recognize. We have established ways to communicate at the college, and they do not include text message from unknown contact numbers. If you use text messaging in your work at Canisius:
- Arrange that specifically, before hand, with your fellow employees, and install each other in your contact lists so each employee is properly identified in text message conversations.
- Even with that, be on the lookout for messages that seem suspicious; never transmit sensitive information (for example, passwords) via text message! ...and it's safe to assume that sudden requests for gift card codes probably isn't legitimate, either.
- If you are ever suspicious, use a second official form of Canisius communication to verify that a request via text messaging is legitimate.
Needless to say, the real President Stoute did not text this employee after hours!
You may receive emails which appear legitimate but are from "inauthentic actors," or in everyday language, liars who hope to manipulate you into giving them something important. Often they are sent from email addresses that are not @canisius.edu, but sometimes hackers are using a Canisius account that they successfully gained access to in the past. Consider the following when clicking links or opening attachments in any email you receive:
- It's from a coworker. But is that their @canisius.edu employee address?
- Are there spelling or grammatical errors that might suggest it is a scam, rather than professional communication from a coworker?
- Were you expecting an email containing an attachment from the sender? If you are at all unsure, call them on the telephone, or contact firstname.lastname@example.org for verification.
- Is it from an office on campus, using their official, appropriate title (ex. Griff Center for Academic Engagement, or Information Technology Services), or just something vague (ex. Student Support Office, or IT Service Desk)?
In general, if you have any doubts, forward the suspicious email to email@example.com. If it's from an on-campus sender, call that individual via their office phone, to verify if the email is truly from them.
Learn more about Phishing:
The following are typical phishing attempts that Canisius College employees and students have received in the past. You may find similar emails in your Canisius email. If you clicked on a link in similar emails, visit another computer and change your password. If you have suspicions about an email you received, feel free to contact the ITS Help Desk (email - firstname.lastname@example.org | phone - (716) 888-8340 ).
Featured Recent Phishing Examples: