UBC Cybersecurity is aware of multiple phishing campaigns actively targeting UBC staff.
With this information in mind, please be vigilant when examining any message that you receive in your inbox.
- Watch for the [CAUTION: Non-UBC Email] banner at the top of emails.
- Emails from UBC colleagues and services will NOT have this banner applied.
- Emails from UBC colleagues and services should not be from internet mailing services like Gmail or Hotmail.
- Do not exchange information or take action based on messages from unauthorised email addresses.
- Do not open attachments that you weren’t expecting, especially if they require a password to open.
- Contact the sender either by phone or by sending them a separate email to a known email address (do not reply to the email you received) to confirm legitimacy.
- Do not click on links in messages.
- Always type the website address into your browser.
- Trust your instincts.
- If the sender’s standard email format isn’t followed (e.g., their signature has changed or their email just doesn’t sound quite like them), follow up to see if it’s legitimate by sending a new email (not a reply) to their real UBC.ca email address and wait for a response BEFORE acting on anything in the original email.
- Report any suspicious email messages to security@ubc.ca.
Remember, no matter who someone claims to be, you should never feel pressured to “help” someone by engaging in steps that do not follow proper procedure and protocol. If in any doubt, please forward suspicious email messages as an attachment to security@ubc.ca, who will review emails or any other form of electronic communication to assist in validating a request.
Learn more about staying safe online from the Digital Solutions team.
