AVOID THE REGRETTABLE EMAIL
- Check the recipient. Is it correct? Autofill makes it easy to send an email to the wrong person.
- Is the attachment the correct one?
- If the attachment is a form, is the form empty?
- Are you replying to everyone or just the sender?
- Does the email have a professional tone? At any time, anyone can use FOIP to request access to any of your emails. Consider emails to be postcards, readable by anyone at any time.
- Are you replying to the correct email? Using the text box at the bottom of the email thread will include all the emails when you reply or forward. Read all the emails in the thread to make sure the person you are forwarding or replying to, should read them. When in doubt use the arrow buttons to the right of the email for forwarding or replying.
- If you are sending sensitive information, check all of the above twice.
NAVIGATING EMAILS WITH LINKS OR ATTACHMENTS
What is a Phishing Email?
A Phishing Email is a type of online scam where cybercriminals send an email that appears to be a legitimate company or organization that asks you to perform an action. The action usually consists of clicking on a link, opening an attachment, asking you to wire money, or forwarding confidential information. Doing this can result in financial loss, data loss, or identity theft. How do you determine what is safe to click on or open and what is a phishing email?
Phishing emails look official but often have the following characteristics:
- Contain grammar or spelling mistakes.
- Require immediate action.
- Threaten to shut down an account.
- Contain generic salutations.
- The name of the sender may not match the sender email address.
How to Avoid Becoming a Victim
Before you click on a link or open an attachment:
- Slow down and give the email 100% of your attention.
- Read the email on a large screen. The small screen on your phone makes it difficult to see important details.
- If you know the sender or they are an affiliated with Mount Royal University, contact them by phone to verify that they have sent the email.
- If you know the organization, visit their website using a bookmark or Google search result.
If it is not feasible or practical to follow these guidelines, look for phishing red flags before you click on a link or open an attachment.
Phishing Email Red Flags
If you receive an email with any of these red flags it may be a phishing email.
What to do if you Receive a Phishing Email?
- Do not click on any links or open any attachments. However, it is safe to read the email.
- If the email refers to Mount Royal or appears to be from someone in the Mount Royal community, forward it in its entirety to abuse@mtroyal.ca to let IT Services know the email needs to be blocked.
- Select Report Phishing to let Google know the email needs to be blocked.
Note: If the email is in your Spam folder do not forward it, it has already been reported.
Make it Difficult for Criminals
Cybercriminals know their chances of getting you to click are greater if the email is plausible, containing information relevant to you and your life. To make their emails as plausible as possible, they scour the internet looking for information about you.
To make it harder for criminals:
- Lock down your social media accounts.
- Be careful about what you post publicly.
- Be cautious when commenting on other people’s posts. The creator of the post determines the privacy settings of your comment.
- Be careful what information you give to strangers over the phone. End phone conversations with individuals who ask questions they should already have the answers to or are too personal in nature.
RECOVERING YOUR GMAIL ACCOUNT FROM A COMPROMISE
If your Gmail account has been compromised, immediately contact the ITS Service Desk at (403) 440-6000 and they will reset your account. However, when cybercriminals gain access to an account, they will often change its settings allowing them to regain control of it even after it has been reset. To ensure your Gmail account stays firmly within your control, there are several things that need to be checked:
Note: If you make any changes to these settings, click the Save Changes button.
Phase One: Check Signature & Vacation Responder
- Open Gmail.
- Click the Settings button. The General settings page appears.
- Confirm that the signature is correct.
- Delete and recreate any links contained within the signature.
- Turn the Vacation responder off or check that the settings are correct.
Phase Two: Check who has Access to your Account and your Send as
Google allows you to change who the email appears to come from and provide access to.
- Open Gmail.
- Click the Settings button. The General settings appear.
- Click the Accounts tab. The Accounts settings appear.
- In the Send mail as section, check to make sure only your name and email address appear.
- In the Grant access to your account section, make sure another account is not listed.
Phase Three: Check if Filters are Added
Filter your incoming email.
- Open Gmail.
- Click the Settings button. The General settings appear.
- Click the Filters and Blocked Addresses tab. The filter settings appear.
- Check that there are no added filters.
- Check that there are no blocked addresses.
Note: By default, there are no filters added to Gmail.
Phase Four: Check if Mail is Forwarded
All your email can forwarded to an another account.
- Open Gmail.
- Click the Settings button. The General settings appear.
- Click the Forwarding and POP/IMAP tab. The forwarding settings appear.
- Check that a forwarding address has not been added.