Don’t get hooked by a phony phisherman

Use these practices to avoid handing your College account and password or personal information to a criminal.

Scam artists often go phishing for private information. They will send you an email which appears to be from a legitimate source like a bank, government agency, or even the College or give you a form or a link that looks authentic, and then ask you to provide personal account and personal information. Before you know it, you’re a victim!

How do I avoid phishing scams?

Here is what you can do to avoid taking the bait and falling prey to phishing scams:

Be suspicious of any email asking for personal information.

Phishing emails typically include upsetting or exciting language to get you to react without thinking, such as, “Your password is about to expire—respond now.” They will ask you for your user name and password, credit card number, Social Insurance Number, date of birth, or other personal information.

Be cautious about using the links in emails, instant messages, or chats.

If you suspect that the message you received is not authentic or if you do not know the sender, do not use the links in the email. Instead, call the company or type the website address directly into your browser.

Log on regularly to your online accounts.

Make it a habit to log on regularly and check your accounts to verify that all transactions are legitimate.

Avoid completing and sending back email forms if they ask for personal or account information.

Instead, use a secure website, phone call, or an office visit to communicate with financial institutions and other organizations.

Double check the security of any website you use before you supply information.

Phishers can forge two indicators of a secure site: the https:// and the yellow lock. Instead of using the provided link, always type the web address of your financial institution directly into your browser. To test the security lock, double‑click the lock to display the security certificate for the site. If any type of warning displays, such as, “the address of the site does not match the certificate,” do not continue.

Examine the address bar in your browser.

For example, if a link directs you to PayPal, notice what the address bar displays. If you see something like http://www.scammedyou.com/paypal/login.html, do not continue.

While you cannot stop phishing attempts, you can refuse to take the bait. Exercise caution, verify your sources, and provide information only when you know you are putting it into the right hands —those of organizations like RRC—that put privacy and security first.

What do I do if my account is compromised?

If you fall victim to a phishing attack, you should take the following steps to ensure that your account is secure:

Change your password

If your account is still accessible, change your password as soon as possible. The longer someone has your credentials, the more harm they can cause. Refer to the Change Password page.

Submit an emergency Case Log

Submit an emergency Case Log to receive help directly from an ITS team member.

What else should I do?

Mark the message as junk

If you still have the phishing message, mark it as junk. Right‑click on the message, and select Mark as junk.

Check your signatures

In an attempt to phish additional victims, attackers may add links to your email signature.

Check your forwarding rules

Some attackers may set your account to automatically forward all email to an account they control. Check to make sure that attackers are not forwarding your emails to another address.

Check your filters

Attackers may add filters to hide their activities from the account owner. Check to make sure that no one has created new Inbox rules.

Submit your messages to the Phish Bowl

If you receive a suspicious email message, you can now forward the message to ITS for evaluation. To do so, please select the email, on the Home tab, in the Respond group, click the More drop‑down menu, and then select Forward as Attachment to send the email to phishbowl@rrc.ca.

For additional tips and suggestions, refer to the Anatomy of a phishy email PDF (only staff can access this document).