[updated July 15, 2020] IT would like to take this opportunity to remind users to be vigilant of the email messages that land in their inbox – especially those messages that ask you to divulge personal information. These messages are examples of phishing attacks. Phishing attacks use spoofed emails and fake web sites to fool the recipients into divulging personal information such as user names and passwords, credit card numbers, social insurance numbers, etc.
Phishing attacks come in many forms and most often try to spoof services that you’re likely familiar with to give you a false sense of security. These can include:
First and foremost you should know that Sheridan will NEVER send you an email asking you to divulge account details, or with links asking you to log into your account. The easiest way to protect yourself is to never respond to anyone who asks for personal information by email, even it is from a seemingly legitimate source.
Be suspicious of any email that:
Below are several recent examples of phishing messages that have been making the rounds. Note that each of these messages contain several clues (highlighted in red) that should alert users to the fact that they are not from legitimate sources.
This is a fake Sheridan Support Help-Desk phishing email. Sheridan IT will never send you an email asking you to divulge account details, or with links asking you to log into your account.
This fake parking ticket warning is filled with clues that should make you suspicious. FYI, parking notices from Sheridan come from Sheridan's own parking office and do not include any live links.
Banks have a pretty good handle on who their customers are and won't typically greet you using your email address.
An email without a subject line is a good cue that something is phishy.
Do you have an Apple account registered to your business email address?
Do you have a Salesforce account?
Are you expecting an electronic fax from someone?
Sheridan will NEVER send you this kind of email!
Do you have a Skype account?
Why would Apple send you an email message that links to a message?
Really, when was the last time the government found some money for you?
Do you have a Desjardins account registered to your business email address?
Do you have an Amazon account registered to your business email address?
To help make reporting phishing emails to IT easy, a new Microsoft Outlook plug-in, Phish Alert, has been made available for you to download and install through AppsAnywhere. Once installed, restart your Outlook client and you’re ready to report any ‘phishy’ emails at the click of a button.
If you are not using Outlook, you can still report phishing by forwarding the email as an attachment to the IT Service Desk.
If you happened to get ‘hooked’ by one of these messages, you should change your password immediately and contact Information Security.
All Sheridan employees can take advantage of comprehensive security awareness training, offered through KnowBe4, that will help you to identify phishing emails and other cyber security attacks. All employees are strongly encouraged to take this training as the lessons learned will be of great benefit to both your professional and personal life.
When in doubt contact firstname.lastname@example.org for a second opinion.