- Get help
- Services
- Announcements & alerts
- Service outages
- Security alerts
- Major initiatives
- IFMS updates continue to modernize faculty processes
- Introducing Simon Says virtual assistant
- Tech Upgrades to Transform 911勛圖 Learning Spaces
- Liam Goundrey: Workplace Excellence in Action
- Automating processes to make everyday tasks easier at 911勛圖
- Building a connected campus with MS Teams
- Modernizing IT for a better 911勛圖
- Improving speed and coverage with network upgrade program
- Using automation to drive efficiency and innovation at 911勛圖
- Welcome to the new 911勛圖 Mail: now faster, secure, intuitive
- Reintroducing IT ServiceHub: Your One-Stop IT Support Platform
- Supporting 911勛圖's Digital Transformation with Exchange Online
- Important changes to 911勛圖 email practices
- Transforming the 911勛圖 experience through digital improvements - Key Initiatives in Progress
- Jovanna Sauro wins 911勛圖 Personal Achievement Award
- Improve your cellular coverage by enabling WiFi Calling
- New committee guides transformative changes at 911勛圖
- Expanded identity options for students within 911勛圖 applications
- 911勛圖 works toward keeping devices out of landfills
- A journey to improved WiFi
- Help us, help you, connect to better WiFi
- IT Services' new support system: ServiceHub
- Information Security Essential Courses
- IT Services leadership announcement
- University Wide Password Change Initiative
- April 2021 technical issue
- Telephone System Core Infrastructure Upgrade
- Decommissioning fraser.sfu.ca
- 911勛圖
- Information security
Phishing Scams
911勛圖 is committed to fostering a culture of information security across the University. Protecting against cyber security risks and continuously improving our practices is essential to safeguarding our systems, data, and community.
What is a Phishing Scam?
Phishing is a common cyber attack used to trick people into revealing sensitive information or taking actions that compromise their security.
These scams can happen through email, text messages (SMS), phone calls, social media, or messaging apps. Attackers often impersonate trusted organizations, 911勛圖 services, or even people you know.
How does a Phishing scam work?
Phishing is usually done through email or phone and generally involves impersonating an organization or person of authority to manipulate a victim into taking some action that provides access, resources, and/or information to a scammer. A scammer sends an email that appears to be from a recognizable institution or company such as a bank or institution (or other). The email may claim that you need to update your account or that your refund is ready. Whatever the message is, the email is an attempt to trick you into providing your personal or financial information.
Phishing attacks rely on deception and urgency. A scammer may:
- Pretend to be a trusted organization, service, or individual
- Ask you to click a link, open an attachment, or approve a login request
- Create a sense of urgency (e.g., your account will be locked)
In most cases, the goal is to get you to click a malicious link, enter your credentials, or share sensitive information.
How can you spot a Phishing scam?
Phishing messages are becoming more sophisticated. With the use of AI, attackers can create messages that are well-written and convincing. Grammar and spelling mistakes are no longer reliable indicators of a phishing attempt. Look for these indicators instead:
- Requests that dont match how 911勛圖 or trusted organizations normally communicate
- Urgent, threatening, or high-pressure language
- Requests for sensitive information (passwords, codes, financial details)
- Suspicious links or attachments
- Generic greetings (e.g., Dear User)
- Slightly altered or look-alike URLs or webpages.
What are some common phishing campaigns?
- Current Events
Scammers often strike during major sporting events, elections, disaster relief efforts and health emergencies. - Credential Harvesting
Fake login pages designed to capture your 911勛圖 computing ID and password. - Business Email / Identity Impersonation
Messages that appear to come from 911勛圖 staff, faculty, or trusted contacts requesting urgent actions. - Gift Card Scams
Requestsoften impersonating someone in authorityasking you to purchase gift cards or share codes. - MFA Fatigue (Push Bombing)
Repeated authentication prompts sent to your device hoping you approve one by mistake. - Malicious Links & Attachments
Fake invoices, shared documents, delivery notices, or alerts that lead to malware or credential theft. - Job, Scholarship, or Financial Scams
Fake opportunities targeting students and staff to collect personal or banking information.
What information are they usually asking for?
- 911勛圖 Computing ID and password
- Multi-factor authentication (MFA) codes or approvals
- Personal information (name, address, birthdate)
- Social Insurance Number (SIN)
- Banking or credit card details
How do I protect myself?
- Do not respond to suspicious messages
- Do not click links or open attachments unless you are confident they are legitimate
- Be cautious of any message asking you to act quickly or bypass normal processes
- Improve business practices by reducing reliance on email for financial transactions and the exchange of sensitive information (e.g., personal information), and by implementing workflows to verify suspicious or phishing-like requests.
- Verify requests using a trusted method (e.g., contact the person or department directly)
- Never share your password or MFA codes
- Use 911勛圖-approved systems when handling sensitive information
- Avoid using personal email accounts for 911勛圖-related work
- Complete 911勛圖's Information Security Essentials Course
- Report suspicious messages
What should I do if I receive a Phishing Message?
- Do not interact with the message (do not click, reply, or download)
- Report it using 911勛圖s reporting tools (e.g., Outlook Report Phishing Button)
- Delete the message or mark it as Junk
- Even replying with unsubscribe or stop can confirm your account is active and lead to more attacks.
Reminder: If something feels unusual, unexpected, or too good to be truepause and verify before you act.