Phishing | IT Security | Seneca College

Phishing emails

Phishing emails appear to be legitimate but are trying to trick you. Criminals may try to obtain your private information to conduct identity theft to commit crimes in your name, harm your family or coworkers, or steal from you.

Phishing emails always try to do these two things:

1. Convey urgency: claim there's an urgent problem that only you can fix, or that you can win a prize if you act without delay
2. Convince you to act: encourage you to click a link, open an attachment, log on to an untrustworthy website, or volunteer your personal information

Phishing emails will often pretend to originate from a company you recognize, government authority, or even Seneca College specifically. They can appear to be convincing, but phishing emails often have important differences from legitimate ones:

• Sender does not match the content of the email (e.g., an IT request comes from an unrelated department or faculty)
• Poor grammar and spelling
• Sloppy formatting
• Suspicious claims that only you can solve a problem
• Discourages you from contacting the company to verify
• Language does not match previous emails from the sender (e.g., asking you to purchase iTunes cards, or fix an IT problem)

If you get the feeling that the email you are reading may not be legitimate, examine it more closely to see whether it matches some of these characteristics.

Spam and phishing email protection

Full-time faculty and staff are safeguarded by Seneca's spam and phishing email protection system. This service provides additional defence against email threats such as phishing and malware. 

Seneca's email protection system provides the following primary benefits:

• Clicking a link in an email will test for safety before forwarding you to its destination
• Emails with malicious attachments (such as malware) will be deleted automatically
• Senders of malicious emails will be automatically blocked from contacting you 

While automated email security systems do make email safer to use they are not a replacement for due diligence. Please exercise caution and follow the advice on this page to avoid the harms of malicious email.

What to do if you receive a suspicious email

Do not reply to suspicious emails and do not click any links, including an "unsubscribe" link. If you click a link in a suspicious email please contact the Service Desk immediately without delay; it's much better to report a potentially harmless activity than to hope nothing bad will happen.

If you're uncertain whether an email is legitimate, verify using another channel. For example, if you receive a suspicious email from a coworker, call them - do not reply to the email itself as it may go to a criminal instead of the intended recipient. Likewise, if you receive a suspicious email from a company, contact them via their website or telephone number - do not reply to the suspicious email.

If you receive a phishing email on your Seneca College email address please report it by clicking the Report Spam (red fish) button in Microsoft Outlook, MySeneca webmail, or the Microsoft Outlook app for Android and iPhone.

If you receive a phishing email on your personal (non-Seneca) email address, we recommend sending a copy to the Canadian Anti-Fraud Centre.

Telephone scams

Similar to phishing emails, criminals may pose as legitimate businesses (such as Microsoft or Dell) or government agencies (such as the Canada Revenue Agency or the police) to trick you into giving up your private information. 

Never give your personal information to someone who has called you. If this happens, ask for the name and company of the caller, hang up, look up the main number for the company yourself (don't trust any number they give you), and ask for that person. If they can connect you back to the caller you can verify whether the request is legitimate.

Contact us

If you have any further questions or would like to schedule an email safety presentation for your department please contact the IT Security and Compliance Office at ITSO@senecacollege.ca.