Frequently asked questions
What is phishing?
- Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person.
- Targeted attacks typically start with a phishing email sent to as many people as possible, that contains a link to a malicious website. It can often appear to come from a trusted source.
- After clicking on the link, the attacker will attempt to infect and take control over the victims’ computers or harvest their usernames and passwords.
What is spear phishing?
- Spear phishing can also appear to come from a trusted source, however, it is highly targeted.
- The message will often be sent to only one person or a few selected individuals who have access to highly confidential information or servers.
- The attacker will often research the intended victim’s social media profiles and craft a highly customized email that will appear to be credible.
Why is phishing an issue?
- UVic emails have been targeted by phishing scams for quite some time.
- Phishing attempts are becoming more and more sophisticated these days and our personal information is highly at risk.
- The university is also at risk because our systems store highly confidential data such as SIN numbers, banking information (such as direct deposit), health information, student data, etc.
What is UVic doing about phishing?
University Systems employs the following two methods to reduce phishing spam on campus:
- DNS Blocklist: a service that all emails from computers known to generate spam.
- SpamAssassin: a product running on the UVic mail server that checks all email received from off campus against a set of spam filtering rules.
By employing these methods, UVic manages to filter approximately 800,000 fraudulent emails per day.
To learn more about spam filtering for @uvic.ca email addresses visit: http://www.uvic.ca/systems/support/emailcalendar/antispam/spam-filtering.php
What can I do to help minimize the risk of phishing at UVic?
- Keep your anti-virus software up-to-date.
- Keep your computer and key software such as your web browser, Adobe Reader, Adobe Flash, Microsoft Office and Java up-to-date.
- Use enterprise systems such as Connect/SharePoint and Departmental File Storage to store documents.
- Backup your data securely.
- Use secure passphrases and change them regularly.
How can I determine the full URL from a shortened URL (i.e. TinyURL, Bitly, etc.)?
To determine the full URL from a shortened URL, visit:
Where can I find examples of phishing emails?
What will UVic do with the data they gather from this phishing campaign?
- The data and metrics gathered during this campaign will be used to produce reports, track effectiveness of the training over a one-year period and to determine if there has been an overall reduction in successful phishing attacks.
- Individual responses from the target audience will not be identified. The data will be kept confidential and will be used for internal UVic reporting purposes only.
- Your credentials (password) will not be collected as part of this process.
- Similar phishing campaigns at other universities show a reduction in successful phishing attacks by 90%.
What do I do if I suspect my account has been compromised?
Visit and change your password immediately!
For additional assistance or information, contact the : 250-721-7687 or helpdesk@uvic.ca.
If you are noticing a lot of fraudulent emails in your inbox, there are a few ways you can prevent your account from receiving phishing or spam emails. Visit our page for details.
How do I report a phishing email?
If you receive what you think is a phishing message, you can either:
- Delete the email if you’re pretty sure it’s a phishing message and you don’t have time to deal with it.
- Check with a friend or colleague first to see if they received the same email.
- Help protect UVic by reporting the email to the Computer Help Desk (helpdesk@uvic.ca) or your local IT support person. If you are using a DSS managed computer, use the 'Report Phishing' button in Outlook to report the email and automatically delete it; otherwise, be sure to send the email as an attachment so that the email headers and any embedded links are included.The Help Desk will analyze the message and implement a block of the phishing URL for on-campus Internet connections.
What can I do if I'm receiving a lot of phishing emails?
If you are receiving a lot of phishing or junk emails you can change your spam settings. Please be aware, however, that some legitimate emails may also be identified as spam if you enable spam blocking on your UVic email account.
How do I self-register for online phishing awareness training?
UVic faculty and staff can click on the registration link below to self-register for online phishing awareness training:
What can I expect in the phishing awareness training?
UVic's phishing awareness training consists of three separate modules:
- Learn to spot fraudulent URLs
- Learn to spot fraudulent emails
- Social engineering - recognizing and avoiding scams
Each interactive module includes a few short quizzes and should take approximately 5 minutes to complete.
How do I craft an email so it doesn't look like a phish?
- Avoid using URL shorteners
- When including links be sure to include the full URL (http://...)
- Only use links that are copy and pasteable
- Link to legitimate resources on a UVic website (UVic.ca)
- Include your UVic contact information
- Only send email from a UVic.ca email address
- Avoid using vague salutations such as "hello" or "dear user"
- Include a brief description about the document you are attaching