UBC IT does not ask users for password information over email. If you think you may have submitted your UBC CWL or login account credentials to an illegitimate site, go to myAccount to change your password immediately. Also, please forward a copy of the email including full headers to security@ubc.ca and advise of the possible breach of your account.
Recent Phishing Emails
Please see the UBC IT Bulletins website for examples of phishing emails.
Dealing With Phishing
- What is Phishing?
- How Do I Know if it is a Legitimate CWL Login Site?
- Email Phishing
- Tips on How to Avoid Phishing Scams
- Report a Phishing Site
What is Phishing?
Phishing is an attempt to trick users into providing their personal or financial information for the purpose of committing fraud – mostly identity theft.
While phishing is mostly carried out through legitimate-looking email messages and websites, an attack can also occur through phone calls, text messages and other electronic communication methods.
How Do I Know if it is a Legitimate CWL Login Site?
To ensure you are logging into a legitimate CWL website, you need to look out for two visual cues in the URL:
- https – Check that the URL begins with "https." This indicates that you have a secure internet connection and that any transaction such as validating your CWL username and password will be difficult to compromise.
- auth.cwl.ubc.ca or ubc.ca – Check that this text appears immediately after https://
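The two cues above applied in code, as an added example that is not part of the original UBC page: a check that only looks at the text right after https:// accepts look-alike addresses, so this sketch parses the address as a browser does and compares the host exactly. The two host names come from the page; the sample URLs, the example.net look-alikes, the function names and the choice to accept only those two exact names are assumptions made for illustration.

```javascript
// Added example. Host names are the two given on the page; the sample URLs
// (paths, example.net look-alikes) and function names are constructed.
const CWL_HOSTS = new Set(["auth.cwl.ubc.ca", "ubc.ca"]);

// Literal reading of the visual cue: does a UBC name follow "https://"?
function naivePrefixCheck(url) {
  const lower = url.trim().toLowerCase();
  return [...CWL_HOSTS].some((h) => lower.startsWith("https://" + h));
}

// Stricter check: parse the address as a browser would, then compare the
// host exactly (assumption: only the two names on the page are accepted).
function checkCwlUrl(url) {
  let u;
  try {
    u = new URL(url.trim());
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (u.protocol !== "https:") {
    return { ok: false, reason: "not https" };
  }
  if (u.username || u.password) {
    // Text before "@" is a login name, not the site; the real host follows it.
    return { ok: false, reason: "real host is " + u.hostname + " (text before @ is ignored)" };
  }
  if (!CWL_HOSTS.has(u.hostname)) {
    return { ok: false, reason: "host is " + u.hostname };
  }
  return { ok: true, reason: "host is " + u.hostname };
}

// Constructed sample addresses: one genuine form and four that should be rejected.
const SAMPLES = [
  "https://auth.cwl.ubc.ca/login",
  "http://auth.cwl.ubc.ca/login",
  "https://auth.cwl.ubc.ca.example.net/login",
  "https://auth.cwl.ubc.ca@example.net/login",
  "https://ubc.ca-signin.example.net/",
];
for (const s of SAMPLES) {
  const r = checkCwlUrl(s);
  console.log(`${r.ok ? "OK    " : "REJECT"} naive=${naivePrefixCheck(s)}  ${s}  (${r.reason})`);
}
```

The last three samples pass the prefix check but are rejected once the host is parsed, which is why the whole host name up to the first "/" has to be read, not just its beginning.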
Email Phishing
Any email message that is asking you for your personal or financial information could be fraudulent. Here are a few phrases to watch out for:
- "Dear Email User" – Phishing email messages are usually sent to many recipients at once, and do not contain your first and last name.
- "If you do not respond within a week, your account will be permanently closed" – Be wary of any email messages that try to create a sense of urgency in order to provoke an immediate response from the customer. These types of messages may even claim that your account has been compromised and that your response is urgently required.
- "Click here to access/verify your account" – Even if the email message claims that the website is secure, clicking on the link will take you to a fraudulent website that may even look like the legitimate version.
Here is an example of a phishing message – note the spelling mistakes, impersonal greeting ("Dear E-mail Users"), urgent request for a response, and a website address that appears legitimate, but in this case, does not exist.
Date: Sat, 24 May 2008 13:45:49 +0300
From: helpdesk@ubc.ca
Reply-to: upgrade17@googlemail.com
To: undisclosed-recipients:;
Subject: WELLCOME TO THE NEW UBC WEBMAIL
Dear E-mail Users,
The new UBC™ Webmail is a fast and light-weight appliction to
quickly and easily access your e-mail. We are currently upgrading our
data base and e-mail center. We are deleting UBC™ Webmail to create
more space for new email.
To prevent your email from closing you will have to update it below
so that we will know that it's a present used email.
***********************************************
FILL THE FOLLOWING TO CONFIRM YOUR IDENTITY
User ID: ......... .....
E-mail Password : ...............
Choose a Secret Question : ...............
Choose a Secret Answer : ...............
***********************************************
Warning!!! Account owner that refuses to update his or her account
within Seven days of receiving this warning will lose his or her
account permanently.Thank you for using UBC™ Webmail! Access Number:
859480KBM
Thanks,
UBC™ Webmail Center
Tips on How to Avoid Phishing Scams:
- Do not click on links in messages. Hackers will create fake links to send you to a malicious website. Simply viewing the website can allow an attack on your system. Always type the website address in your browser.
- Do not provide personal information about anyone to any organization or person online.
- Do not enter your personal information in a pop-up window.
- Do not send sensitive information via email.
Report a Phishing Site
Reports of suspicious sites asking for CWL usernames and passwords can be directed to security@ubc.ca.