CNC IT Services (as well as all major institutions such as CRA, banks, and Facebook) will not ask users for user account or banking / credit card information over email.
What does a phishing email look like?
Spelling and bad grammar: Phishing emails tend to exhibit spelling errors and poor grammar usage.
Email links: Phishing emails will have links in the body of the email that look legitimate but actually send you somewhere that could infect your computer. Hovering the mouse over the link will show where it actually is linking to.
Threats: Phishing emails will threaten to close your account, harm your credit, send you to jail, or any other number of threats that will cause you to do what they want.
Impersonating popular companies: Phishing emails will pretend to be an organization you trust to get you to do what they want.
How do I know if it's a legitimate CNC site?
To make certain that you are connecting to an official CNC site (or any other major website such as CRA, or a banking institution), look for these two vital clues in the website address in your browsers address bar.
- https://: Ensure that the website begins with https:// in the address bar.
- Site name: Ensure that the expected name is in the address (cnc.bc.ca).
Tips on avoiding phishing attempts.
Do not click on links in messages. Links can look legitimate, but actually direct you to a malicious website that may be able to infect your computer just by opening the website in your browser.
Do not provide personal or professional information online.
Do not send sensitive information (such as account, banking, or credit card info).
How to report a phishing attempt
If you think you may have submitted your information to an illegitimate site, go to CNC Account and change your password immediately. Forward the offending email to IT Services and inform them of the possible security breach of the account.
Examples of email phishing attempts
Email Scam (May 24, 2018): "Update"
From:kuribakanya caroline <firstname.lastname@example.org>
Sent: May 24, 2018 1:33 PM
In an effort to increase the level of security for all our Email account User, We are implementing a new email password policy for your protection and Spam filter.If you have not update youremail recently Kindly click here <<LINK REMOVED>> to update your Email or your Email account will be temporarily suspended within the next 24 hours.
Email Scam (Apr 11, 2018): "Mail Verification"
From: Anyieth, Kuany Chol - anykc001 [mailto:email@example.com]
Sent: April 11, 2018 11:38 AM
Subject: Mail verification
Dear mail account owner,
This is to inform you that we are currently carrying out scheduled maintenance and upgrade of our mail service, all account owners are required to verify their email account by clicking the webpage given below:
<<Link Removed>>CLICK VERIFICATION WEBPAGE
All account owners are required to verify their email In order to keep the contents of the mailbox safe. failure to do this within 72 hours of receiving this message, your account will be deleted from our database.
College of New Caledonia.
Case number: 854056.
Email Scam (Mar 11, 2018): "Your happiness depends on this letter"
From: Shame <firstname.lastname@example.org>
Date: March 11, 2018 at 10:32:58 AM PDT
Subject: Your happiness depends on this letter
Do not mind on my illiteracy, Im foreign.
We uploaded our virus onto your system.
Now I stole all private background from your OS. Moreover I obtained some more then just data.
The most amusing evidence that I have- its a videotape with your *****.
<<Language Removed>>. As soon as you picked the video and clicked on a play, my virus immediately loaded on your system.
After setup, your web camera shoot the videotape with you <<Language Removed>>, moreover I saved the video you watched. In next few days my malicious software collected all your social media and email contacts.
If you want to delete the videotape- send me 309 united state dollar in BTC(cryptocurrency).
I provide you my Btc number - 18******xys5ZfiPaoK
You have 24 hours to go from this moment. When I receive transaction I will eliminate the compromising in perpetuity. Otherwise I will forward the record to all your colleagues and friends.
Email Scam (Feb 16, 2018): "Help Desk"
From: Geraldo Celso de Carvalho [mailto:email@example.com]
Sent: Friday, February 16, 2018 10:58 AM
Subject: Help Desk
IT Service Desk upgrade your Web Mail 2018 (Click update 2018) <<Link Removed>> to upgrade now
Admin Help Desk
©All rights reserved. 2018.
“Esta mensagem é destinada exclusivamente para a(s) pessoa(s) a quem é dirigida, podendo conter informação confidencial e/ou legalmente privilegiada. Se você não for destinatário desta mensagem, desde já fica notificado de abster-se a divulgar, copiar, distribuir, examinar ou, de qualquer forma, utilizar a informação contida nesta mensagem, por ser ilegal. Caso você tenha recebido esta mensagem por engano, peço que me retorne este e-mail, promovendo, desde logo, a eliminação do seu conteúdo em sua base de dados, registros ou sistema de controle. Fica desprovida de eficácia e validade a mensagem que contiver opiniões particulares e vínculos obrigacionais, expedida por quem não detenha poderes de representação por parte da ECT.”
"This message is intended only for the person to whom it is addressed and may contain confidential and/or legally privileged. If you are not a recipient of this message, it is now notified of refraining to disclose; copy; distribute; examine; or in any way use the information contained in this message because it is illegal. If you have received this message in error, please I ask to return this email, promoting as soon as possible the elimination of its content in database, records or system control. It is devoid of effective and valid message that contains the private opinions and dividend bonds, issued by those not holding powers of attorney by the ECT."
Recent Phishing Attempts for CNC Staff and Faculty
You can view recently reported CNC phishing attempts on the IT Security Portal. You can look here to see if the email you are suspicious of is fraudulent, or see if it may need to be reported to ITS Helpdesk.