At 11:05 AM on November 6th, an email was sent out to inboxes with the @trentu domain warning against phishing attacks. This is not a new sight for people with an undergraduate student email. In fact, it’s the second email of its kind in four days that Trent IT sent out.

The email states that “Trent IT and other academic institutions across Canada continue to see high amounts of phishing circulating in emails.” Indeed, the half a dozen emails sent out to students since the beginning of the school year indicate that Trent IT is worried about the safety of Trent students and staff emails. 

In talking to my friends at other institutions, the bi-weekly emails about phishing scams appear to be a Trent-specific thing. It is unclear how effective this email campaign is if they need to constantly send out emails to everyone. Connor Stinson, who works for Trent’s IT department, says “It’s hard to tell [the effectiveness] because there’s a lot of turnover in our user base—we have people going in and people going out every year.”

Even if the email campaign is a Trent original, phishing scams themselves are not. In a statement to Arthur from Ian Thomson, Manager of Information Security at Trent said, “The 18-24 age group is documented to be the number one group at risk of scams across Canada.” He continued, “No university is exempt from phishing attacks and related scams.” 

Stinson elaborated, saying that the institution’s email domain can actually be “a target painted on your back.” Phishing scams will often target large institutions because they have thousands of active accounts to monitor and need a very small success rate to get into the system and have access to the personal data of users. 

Stinson was able to explain some of the scams Trent’s IT department keeps seeing. One is “spoofing” where “[An] email will grab a pre-existing email—in particular we have staff that have had their email spoofed—so as a user, it will look like you have received an email from them, when in reality there’s actually a different domain wearing a mask that reads out so-and-so at trentu.ca.” 

Recently, the spoofing emails have taken a particularly sinister bent. Stinson explains that “A popular one we’ve had as of late is someone going around telling [people] ‘we’ve recorded you in sexually compromising positions through the webcam on your computer, give us $1800 in Bitcoin.’ The problem is some of these spoofing attacks are looking like they’re coming from the account that they’ve been sent [to].” 

Even though these emails can be scary and look legitimate (showing up in your sent folder as though someone has actually hacked your account) they aren’t. This means there’s very little that can be done to stop them. It really is just blocking the sender and filtering and deleting the emails. 

Another scam they have been seeing recently involves the impersonation of Trent faculty and administration, using the available directory to get an email address. It then tells the receiver that their account is due to be deactivated and asks them to send their login information. This information can be used to compromise people’s accounts and then use them to contact the rest of the Trent network with the credentials of someone inside.

Stinson also says that the scammers are trying to catch people off guard. Their target is the overworked and overtired student population who do not have the background knowledge to know what is legitimate or not at a quick glance. 

“They are looking to prey on the technologically illiterate, or just the general ignorance about computers to trick people into giving them money,” he explained. 

Phishing scams rely on isolating and scaring people to act on their gut reaction. Taking a moment to breathe and look at an email critically can make all the difference. If you are unsure about the legitimacy of an email, call the IT desk at your workplace or school, go to your local library, or show a friend. It’s better to delete a real email than fall for a scam. If it’s important it can be re-sent. 

If you have lost money, Thomson says to “contact the police, [your] bank, or the Canadian  Anti-Fraud Centre.” If your Trent email has been compromised, contact Trent’s IT department and they will deactivate it for you. Make sure you are regularly changing your passwords and enable Dual-Factor Authentication where you can. 

Stinson also reminds that “For the love of God, don’t click any links.”