IT Services
Information Security

Phishing Messages – Don't Get Hooked

fishing hook grabbing credit card[updated July 15, 2020] IT would like to take this opportunity to remind users to be vigilant of the email messages that land in their inbox – especially those messages that ask you to divulge personal information. These messages are examples of phishing attacks. Phishing attacks use spoofed emails and fake web sites to fool the recipients into divulging personal information such as user names and passwords, credit card numbers, social insurance numbers, etc.

Phishing attacks come in many forms and most often try to spoof services that you’re likely familiar with to give you a false sense of security. These can include:

First and foremost you should know that Sheridan will NEVER send you an email asking you to divulge account details, or with links asking you to log into your account. The easiest way to protect yourself is to never respond to anyone who asks for personal information by email, even it is from a seemingly legitimate source.

Be suspicious of any email that:

Phishing Examples

Below are several recent examples of phishing messages that have been making the rounds. Note that each of these messages contain several clues (highlighted in red) that should alert users to the fact that they are not from legitimate sources.

This is a fake Sheridan Support Help-Desk phishing email. Sheridan IT will never send you an email asking you to divulge account details, or with links asking you to log into your account.

Sheridan Support Help-Desk phishing example

This fake parking ticket warning is filled with clues that should make you suspicious. FYI, parking notices from Sheridan come from Sheridan's own parking office and do not include any live links.

Banks have a pretty good handle on who their customers are and won't typically greet you using your email address.

Royal Bank Phishing Example

An email without a subject line is a good cue that something is phishy.

Do you have an Apple account registered to your business email address?

Apple Phishing Example

Do you have a Salesforce account?

salesforce phishing example

Are you expecting an electronic fax from someone?

efax phishing example

Sheridan will NEVER send you this kind of email!

Staff Phishing Example

Do you have a Skype account?

Skype Phishing Example

Skype phishing example #2

Why would Apple send you an email message that links to a message?

iTunes Phishing example

Apple Phishing example

Really, when was the last time the government found some money for you?

Canada Revenue Phishing example

Do you have a Desjardins account registered to your business email address?

Desjardins Phishing example

Do you have an Amazon account registered to your business email address?

Amazon phishing example


Reporting Suspicious Messages

To help make reporting phishing emails to IT easy, a new Microsoft Outlook plug-in, Phish Alert, has been made available for you to download and install through AppsAnywhere.  Once installed, restart your Outlook client and you’re ready to report any ‘phishy’ emails at the click of a button.

If you are not using Outlook, you can still report phishing by forwarding the email as an attachment to the IT Service Desk.

"I Think I’ve Been Hooked!"

If you happened to get ‘hooked’ by one of these messages, you should change your password immediately and contact Information Security.

Cybersecurity Training for Employees

All Sheridan employees can take advantage of comprehensive security awareness training, offered through KnowBe4, that will help you to identify phishing emails and other cyber security attacks. All employees are strongly encouraged to take this training as the lessons learned will be of great benefit to both your professional and personal life. 

Don't Take a Chance, Ask the Experts

When in doubt contact for a second opinion.