Phishing

Owned by Greg Rusch
Last updated: yesterday at 11:18 am by Tyler Kron-Piatek
4 min read

"Phishing" means someone is pretending to be someone you may know, or an institution you are likely to trust, in order to get from you money, passwords, or other sensitive information via the internet.  

The two most common forms of this are through email and text messages.  However, even traditional telephone calls may be used by criminals; for example, they may ring your desk phone, and pretend to be a new employee of the University whom you haven't yet met.   Their goals may vary:  they may ask you to click a link, which downloads malware to your computer, or takes you to a login screen where you are supposed to enter in your username and password.  Or, they may ask you to send them money or gift cards, because they are in some sort of odd but legitimate dilemma.  These are common scams attempted by phishing.  

Phishing via Text Message

A common form of this scam comes via text messaging.  You may receive a text message purporting to be from the University president, a vice president, or a dean, asking you to reply so they can give you specific instructions on how to help them.  University leadership is public information, readily available on the internet, so finding out who, for example, are the deans of our various schools is easy for a scammer (as well as legitimate businesses.)  

So if you receive a text like this one below, you may safely assume it is a scam.  

Our University leadership will not send you text messages asking for urgent help, from phone numbers or identities you do not recognize.  We have established ways to communicate at the University, and they do not include text message from unknown contact numbers.   If you use text messaging in your work at Canisius:

  • Arrange that specifically, before hand, with your fellow employees, and install each other in your contact lists so each employee is properly identified in text message conversations.

  • Even with that, be on the lookout for messages that seem suspicious; never transmit sensitive information (for example, passwords) via text message!   ...and it's safe to assume that sudden requests for gift card codes probably isn't legitimate, either.   

  • If you are ever suspicious, use a second official form of Canisius communication to verify that a request via text messaging is legitimate.

Needless to say, the real President Stoute did not text this employee after hours!  

Email Phishing

You may receive emails which appear legitimate but are from "inauthentic actors," or in everyday language, liars who hope to manipulate you into giving them something important.  Often they are sent from email addresses that are not @canisius.edu, but sometimes hackers are using a Canisius account that they successfully gained access to in the past.  Consider the following when clicking links or opening attachments in any email you receive:

It's from a coworker.  But is that their @canisius.edu employee address?  
Are there spelling or grammatical errors that might suggest it is a scam, rather than professional communication from a coworker?  
Were you expecting an email containing an attachment from the sender?  If you are at all unsure, call them on the telephone, or contact helpdesk@canisius.edu for verification.
Is it from an office on campus, using their official, appropriate title (ex. Griff Center for Academic Engagement, or Information Technology Services), or just something vague (ex. Student Support Office, or IT Service Desk)?

In general, if you have any doubts, forward the suspicious email to helpdesk@canisius.edu.  If it's from an on-campus sender, call that individual via their office phone, to verify if the email is truly from them.  

Learn more about Phishing:


The following are typical phishing attempts that Canisius University employees and students have received in the past.  You may find similar emails in your Canisius email. If you clicked on a link in similar emails, visit another computer and change your password. If you have suspicions about an email you received, feel free to contact the ITS Help Desk (email - helpdesk@canisius.edu  | phone - (716) 888-8340 ).

 

Featured Recent Phishing Examples:

August 16th, 2023

There is no Katie Brown at Canisius University (and so there is no cheap deal on a gently used but much-loved piano!).  The CAUTION banner is an obvious clue that this is not legitimate.  But also note that the sender's email address is not an @canisius.edu address.  

February 14th, 2023

Nobody at the University contracted for "Geek Services."  If I called the number I am sure someone would gladly help me "cancel and refund this" provided I supply payment information to "verify the account."  

May 2018

This is not how ITS makes changes to email service!  

March 2019