Email Phishing

CNC IT Services (as well as all major institutions such as CRA, banks, and Facebook) will not ask users for user account or banking / credit card information over email.


If you think you have submitted your information to an illegitimate site, go to CNC Account and change your password immediately. Forward the offending email to IT Services and inform them of the possible security breach of the account.


What does a phishing email look like?

How do I know if it is a legitimate site?

Tips on avoiding phishing attempts.

How to report a phishing attempt.

Latest Phishing Attempts.


What does a phishing email look like?

phishing_example

Spelling and bad grammar: Phishing emails tend to exhibit spelling errors and poor grammar usage.

Email links: Phishing emails will have links in the body of the email that look legitimate but actually send you somewhere that could infect your computer. Hovering the mouse over the link will show where it actually is linking to.

phishing_hover

Threats: Phishing emails will threaten to close your account, harm your credit, send you to jail, or any other number of threats that will cause you to do what they want.

Impersonating popular companies: Phishing emails will pretend to be an organization you trust to get you to do what they want.


How do I know if it's a legitimate CNC site?

To make certain that you are connecting to an official CNC site (or any other major website such as CRA, or a banking institution), look for these two vital clues in the website address in your browsers address bar.

  • https://: Ensure that the website begins with https:// in the address bar.
  • Site name: Ensure that the expected name is in the address (cnc.bc.ca).

  • phishing_correct_url


Tips on avoiding phishing attempts.

Do not click on links in messages. Links can look legitimate, but actually direct you to a malicious website that may be able to infect your computer just by opening the website in your browser.

Do not provide personal or professional information online.

Do not send sensitive information (such as account, banking, or credit card info).


How to report a phishing attempt

If you think you may have submitted your information to an illegitimate site, go to CNC Account and change your password immediately. Forward the offending email to IT Services and inform them of the possible security breach of the account.


Examples of email phishing attempts

Email Scam (Mar 27, 2017): "RE:"



From: bjorganfam818@telus818.net [mailto:bjorganfam818@telus818.net]
Sent: Monday, March 27, 2017 3:41 AM
To: xxxxxxxxxxx <xxxxxx@cnc.bc.ca>
Subject: RE:

 

RE: Information Request from the Trades Consortium Website


Profile << Removed Link >>



Email Scam (Mar 16, 2017): "Delivery fail notice #145662321"

Dear client, xxxxx@cnc.bc.ca

 
We attempted to deliver your package on March 12, 2017
 
The delivery attempt failed because nobody was present at the delivery address, so this notification has been sent automatically.
 
You may rearrange delivery by visiting the closest United kingdom Post office locationwith the printed invoice specified below.
 
If the package is NOT arranged for redelivery or picked up in 48 hours, it will be shipped back to the sender.
 
TRACKING: LB343846721UK
Expected Delivery Date: March 12, 2017
Class: Package Services
Service(s): Shiping Confirmation
Status: eNoctice sent
 
To download the shipping invoice, please visit the following link: 
http://www.example.com/cpotools/apps/track/personal/findInvoiceByTrackingNumber?session_id=910938402
Best Regards,Kind Regards,
© 2017 United kingdom Post Corporation
 
*** If the link doesn't work, you should transfer that message from Junk folder to Inbox. ***
*** This is an automatically created email notification, DO NOT REPLY ***

Email Scam (Mar 16, 2017): "[AV:Warning] Lectus Cum Sociis Limited"

Check your report attached. Doc Passcode: fODngYtgWeS

P.S. The Payment should appear in 6 hours

Kelly Barrett
Lectus Cum Sociis Limited

Email Scam (Mar 16, 2017): "Subpoena # 9675"


SUMMONS NOTICE TO THE DEFENDANT:
 
1. YOU ARE BEING SUED.
 
2. YOU NOW HAVE 22 DAYS after receiving this summons to file a written answer with the court and serve a copy on the other party or take other lawful action with the court (27 days if you were served outside of this state).
 
3. If you will not reply within the time allowed, judgment may be entered against you for the relief demanded in the complaint.
 
03-CV-2017-910104.00
 
FILED ON 2/24/2017 1:02:07 PM
 
******* IMPORTANT NOTICE TO DEFENDANT *******
 
-YOU ARE BEING NOTIFIED OF THE HEARING DATE AND TIME OF THIS CASE BY DOCUMENTS ENCLOSED.
 
-IF THE DEFENDANT WILL NOT APPEARIN COURT, A JUDGMENT MAY BE ENTERED AGAINST 
THE DEFENDANT FOR THE RELIEF SOUGHT BY THE PLAINTIFF.
 
YOU MUST READ AND PRINT ATTACHMENT IN THE LINK AND FOLLOW THE INSTRUCTIONS SHOWN THEREIN.
 
http://example.com/subpoena/cat?id=794835786gf
 
*** If this link do not work, you might transfer that letter from Spam folder to Inbox. ***
* This is an automatically generated notification, DO NOT REPLY ** 

Email Scam (Mar 16, 2017): "please check parcel"    

 Your sending has not been delivered!
  

Please download and view the information about your sending, print it and go to the post office to claim your dispatch: 
 
Package Document
 
Warranties Canada Post expressly disclaims all conditions, guarantees and warranties, express or implied, in respect of the Service. Where the law prevents such exclusion and implies conditions and warranties into this contract, where legally permitted, the liability of Canada Post regarding breach of such condition, guarantee or warranty is limited according to judgment of Canada Post to either providing the Service again or paying the cost of having the service supplied again. 
 
You can find any information about the procedure and conditions of dispatch storing, in the nearest post office.
 
Please check information otherwise, you may be fined by an error.

 
Sincerely, 
The Canada Post Online Team

© 2017 Canada Post Corporation  

epostTM and Solutions for Small BusinessTM are trademarks of Canada Post Corporation.
Note: For maximum security we recommend that you always enter our specific website address into your browser or use a bookmark. 

To stop receiving promotional emails, please click unsubscribe 

Legal | Privacy 

Contact us online 

Contact us by phone at 1-866-511-0546
Contact us by mail at: 
Canada Post
Attn: Customer Service
35 Hughes St.
Fredericton NB E3A 2W2

Your sending has not been delivered to your address on February 27, 2017, as nobody was at home. If you don't claim a package within duty days, Canada Post will fine you for storing it.

 

Recent Phishing Attempts for CNC Staff and Faculty

You can view recently reported CNC phishing attempts on the IT Security Portallinks to external site. You can look here to see if the email you are suspicious of is fraudulent, or see if it may need to be reported to ITS Helpdesk.