間眅埶AV

Phishing Scams

Beware of phishing scams aiming to steal your personal information. Read more on how to protect yourself.

What is phishing?

NOTE: Under no circumstances will 間眅埶AV ever request our users to provide or confirm their computing ID and password via email. You should never send your 間眅埶AV password to anyone.

間眅埶AV, like many other universities, is the subject of "phishing" attacks. Phishing is an attempt to acquire sensitive personal information, such as usernames, passwords and banking information by masquerading as a trustworthy party in an electronic communication. Phishing is typically carried out by email or instant messaging and often directs users to enter details at a website or in a email reply.

The term phishing is a variant of fishing and alludes to the use of increasingly sophisticated baits used in the hope of a "catch" of personal information.

How you can protect yourself

Never send your 間眅埶AV Computing ID and password to anyone. If you receive an email message asking for your 間眅埶AV Computing ID and password:

  • DO NOT RESPOND no matter how official the request seems.
  • Delete the message or select 'Junk' located under the Junk button in the ribbon in the Outlook Web App (OWA). Even responding to the message with content such as "please don't send me spam" simply confirms to the sender that they have contacted a live address and increases your odds of receiving more spam in the future. 
    • If you mark a message as Junk, that sender will then be added to your Blocked Senders list and the message will be put into your Junk folder. This will sync with the Outlook desktop applications.

Reporting Phishing

You may also forward any phishing attempt you receive to abuse@sfu.ca. If the phishing attempt is from or targets 間眅埶AV, please forward the headers from that message to abuse@sfu.ca following the instructions below:

1. Right-click on the e-mail in the message list and select View message details 

2. A window will open with all the message details. Copy the message details and then close the window.

3. Forward the e-mail to abuse@sfu.ca with the message details included. To do so, click Forward in the ribbon.

4. In the To field, enter abuse@sfu.ca. Paste the message details into the body of your forwarded message, and then click Send.

Identifying legitimate 間眅埶AV webpages

A web page is asking me for my 間眅埶AV computing ID and password. How do I know it is legitimate?

Many 間眅埶AV online services (e.g. 間眅埶AV Mail, Canvas, Student Information System) require you to log in with your 間眅埶AV computing ID and password.

Legitimate 間眅埶AV website Phishing website
The website address (URL) for any legitimate 間眅埶AV website requesting your 間眅埶AV computing ID and password will always end in sfu.ca (e.g. mail.sfu.ca, webct.sfu.ca, sis.sfu.ca). The website address (URL) for a phishing site may contain the phrase sfu.ca but may take the form of http://my.sfu.ca.fakesite.com

What to do if you have responded to a phishing message

If you have responded to a phishing message with your 間眅埶AV Computing ID and password, change your password immediately. You can change your 間眅埶AV password on the 間眅埶AV Computing Account Management page .

If your 間眅埶AV computing account has been compromised and subsequently locked, contact IT Services by phone (778-782-3234) or in person (Burnaby Campus, Strand Hall 1001 or Surrey Campus, Area 3505 Podium Level 3).

What is 間眅埶AV doing about phishing?

With each new email scam that we observe, 間眅埶AV system administrators analyze the message and make configuration changes to attempt to block future messages, while being careful not to block legitimate email. Unfortunately, it is impossible to predict exactly what the next scam will look like or where it will come from, so we are unable to stop some of these messages from getting through to your mailbox. When they do, simply delete the message.

To learn more about phishing, visit these links: