What is a phishing attack and how you can help keep cyber attacks at bay

Like many large organizations, York University continues to be the of an increasing number of phishing attacks. A phishing attack is a type of cyber attack often used to trick users into disclosing their password, sensitive information, or credit card numbers. Studies have shown that phishing is one of the top five cyber threats in 2017-18. University Information Technology’s Information Security team blocks many of these attacks before they reach you, but cyber-criminals are continually devising ways to elude defenses.

Recognizing and stopping phishing is an essential part of keeping university accounts and information more secure. If you notice an email with the following signs, report it to Information Security.

Signs that an email is a phishing attack:
1. The email requires an immediate action to avoid losing access to computing resources.
2. The email is an urgent request for personal information or assistance.
3. The message contains grammatical errors and typos.
4. The sender’s email address is empty or suspicious
5. Positioning your mouse on the link (without clicking) reveals a suspicious URL that does not point to yorku.ca.

Information Security is making it easier to report suspicious messages by introducing the “Report Phishing” button to York’s Microsoft Outlook. As of Oct. 20, this button will begin to appear on the Outlook menu. When you receive a message that you think is phishing, clicking the “Report Phishing” button will automate reporting by packaging the suspicious message plus its header information, send it to phish@yorku.ca (reviewed by Information Security) and delete the message from your inbox.