What is a Phishing Email?

A Phishing Email is a type of online scam where cybercriminals send an email that appears to be a legitimate company or organization that asks you to perform an action. The action usually consists of clicking on a link, opening an attachment, asking you to wire money, or forwarding confidential information. Doing this can result in financial loss, data loss, or identity theft. How do you determine what is safe to click on or open and what is a phishing email?

Phishing emails look official but often have the following characteristics:

How to Avoid Becoming a Victim

Before you click on a link or open an attachment:

If it is not feasible or practical to follow these guidelines, look for phishing red flags before you click on a link or open an attachment.

Phishing Email Red Flags

If you receive an email with any of these red flags it may be a phishing email.

What to do if you Receive a Phishing Email?

  1. Do not click on any links or open any attachments. However, it is safe to read the email.
  2. If the email refers to Mount Royal or appears to be from someone in the Mount Royal community, forward it in its entirety to abuse@mtroyal.ca to let IT Services know the email needs to be blocked.
  3. Select Report Phishing to let Google know the email needs to be blocked.

Note: If the email is in your Spam folder do not forward it, it has already been reported.

Make it Difficult for Criminals

Cybercriminals know their chances of getting you to click are greater if the email is plausible, containing information relevant to you and your life. To make their emails as plausible as possible, they scour the internet looking for information about you.

To make it harder for criminals:


If your Gmail account has been compromised, immediately contact the ITS Service Desk at (403) 440-6000 and they will reset your account. However, when cybercriminals gain access to an account, they will often change its settings allowing them to regain control of it even after it has been reset. To ensure your Gmail account stays firmly within your control, there are several things that need to be checked:

Note: If you make any changes to these settings, click the Save Changes button.

Phase One: Check Signature & Vacation Responder

  1. Open Gmail.
  2. Click the Settings button. The General settings page appears.
  3. Confirm that the signature is correct.
  4. Delete and recreate any links contained within the signature.
  5. Turn the Vacation responder off or check that the settings are correct.

Phase Two: Check who has Access to your Account and your Send as

Google allows you to change who the email appears to come from and provide access to.

  1. Open Gmail.
  2. Click the Settings button. The General settings appear.
  3. Click the Accounts tab. The Accounts settings appear.
  4. In the Send mail as section, check to make sure only your name and email address appear.
  5. In the Grant access to your account section, make sure another account is not listed.

Phase Three: Check if Filters are Added

Filter your incoming email.

  1. Open Gmail.
  2. Click the Settings button. The General settings appear.
  3. Click the Filters and Blocked Addresses tab. The filter settings appear.
  4. Check that there are no added filters.
  5. Check that there are no blocked addresses.

Note: By default, there are no filters added to Gmail.

Phase Four: Check if Mail is Forwarded

All your email can forwarded to an another account.

  1. Open Gmail.
  2. Click the Settings button. The General settings appear.
  3. Click the Forwarding and POP/IMAP tab. The forwarding settings appear.
  4. Check that a forwarding address has not been added.