Today@Dal

Phishing emails and malicious SMS/text messages are a persistent problem in any online community, and it can be hard to sort out legitimate messages from deceptive ones.

If you receive an obvious phishing message in your Dal email, the best action is to flag it as “Junk” or “Phish” in your Outlook program or on my.dal.ca’s Outlook web utility (right-clicking will give you an option to flag it). That will warn our email system that you received something deceptive.

The Information Security Office also recommends the following principles for anyone assessing an email or text message:

1)     If you weren’t expecting someone to send you an attachment, document, or link, or weren’t expecting their request for a financial transaction, don’t act on it yet. Be especially wary if it sounds urgent.

2)     Double check the sender’s email address and where web links go, to catch malicious emails mimicking someone you know. Dalhousie flags messages that come from outside of the institution as an aid to help you catch these faked emails. Even with messages that appear to be from Dal accounts, be wary of links that redirect to services that Dalhousie doesn’t officially use. Examples may be to Google Docs or Google Forms, or to Microsoft 365 (M365) web locations outside of Dal’s normal M365 environment.

3)     When evaluating a message, confirm with the sender via a different communications mechanism (phone, Teams, etc.) that the request came from them, before actioning it or opening the document/link that was sent to you.

These three steps performed as a safety check can avoid a number of risky situations. Our recommendations follow the same principle as filtering your phone calls using voicemail to avoid scam artists. If you’re not sure that you recognize the caller, don’t take the call. Verify who is contacting you first. You can always reach back out to them, to confirm you know to whom you are speaking.

Additional Resources

Please note: You will need to log in to the myDal Hub to access the following links:

·       Read the Protection from Phishing security article on our ITS myDal site.

·       Sign up for Multi-Factor Authentication (MFA) as an additional safety protection for your Dal account in case you do get phished.

·       View the latest Cybersecurity Alerts on the myDal Hub homepage, and a complete list of past alerts on the ITS myDal site.

·       Contact us if you have questions on cybersecurity, phishing prevention, MFA, or other technology areas.