WARNING: Email Scams Targeting Queen's Students, Staff & Faculty
Sophisticated phishing emails are circulating - they look real but are designed to steal your Queen's login, banking info, or money.
If you've shared your info:
🔹 Financial? Contact your bank, local police, and the Canadian Anti-Fraud Centre
🔹 Queen's login? Change your password immediately
🔹 Immediately contact the IT Support Centre at 613-533-6666
❌ Do NOT respond to the scammer
📨 Report phishing emails here:
For more tips and resources, visit the Queen's Cyber Security Page.
Stay alert - even trusted accounts may have been compromised.
Grace Kim, student at Queen's University, receives an email that looks like it came from IT Support at Queen's. The subject line reads:
"Immediate Action Required: Verify Your Identity"
The email claims: "We detected unusual activity on your Queen's account. Please verify your identity immediately to avoid losing access. Click the link below to confirm your details."
The message includes the Queen's logo, official colors, and even uses an email address that looks very real: itservices@queensu.cα (Notice the last letter is a Greek alpha "α," not an English "a" - a sneaky trick!)
Grace feels a bit worried and almost clicks the link. Before doing so, she decides to hover over the link. Instead of showing https://netid.queensu.ca (the official Queen's Identity Platform), the URL looks suspicious: http://queensu-login-secure.com/identity
Grace clicks anyway (big mistake!) and the page that opens looks exactly like the Queen's Identity Platform page she uses to reset her password. But something feels off:
- The address bar shows "Not Secure"
- The URL is not the real Queen's URL
If Grace enters her NetID and password, attackers will instantly steal her credentials and access her Queen's email, OnQ, and SOLUS.
Luckily, Grace remembers the phishing training tip - Always check the URL and never trust links from unexpected emails. She closes the page and reports the email to IT Services using the .
Key Takeaways:
- Hover before you click. Verify that the URL is the official Queen's site.
- If in doubt, don't click! Go directly to the Queen's Identity Platform from the official Queen's website instead.
- Always check the sender's email address carefully. Attackers often use small tricks like replacing letters with lookalikes.
- Compromised legitimate accounts - Sometimes, phishing emails come from real Queen's accounts that have been hacked. If you're unsure, don't reply, contact IT Support directly.
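The checks Grace makes by eye (lookalike letters in the sender address, a link host that is not the official site, a page that is not served over HTTPS) can also be automated by a mail filter or help-desk tool. The sketch below is an added example, not Queen's own tooling; the function names and finding labels are hypothetical, and the sample inputs are the ones from the scenario above.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption: queensu.ca and its subdomains (e.g. netid.queensu.ca) are official.
OFFICIAL_DOMAIN = "queensu.ca"

def scripts_in(host):
    """Writing systems used by the letters in host, e.g. {'LATIN', 'GREEK'}."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in host if ch.isalpha()}

def check_host(host):
    """Return a list of findings for a domain name; an empty list means it passed."""
    host = host.lower().rstrip(".")
    try:
        # Punycode ("xn--...") labels hide non-ASCII letters; decode them first.
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already contains non-ASCII characters, or is not valid IDNA
    findings = []
    if not host.isascii():
        findings.append("non-ascii")            # e.g. Greek alpha instead of "a"
    if len(scripts_in(host)) > 1:
        findings.append("mixed-script")         # Latin letters mixed with another script
    if host != OFFICIAL_DOMAIN and not host.endswith("." + OFFICIAL_DOMAIN):
        findings.append("not-official-domain")  # exact match or true subdomain only
    return findings

def check_sender(address):
    """Check the domain part of an email address."""
    return check_host(address.rsplit("@", 1)[-1])

def check_link(url):
    """Check the scheme and host of a link target."""
    parts = urlsplit(url)
    findings = check_host(parts.hostname or "")
    if parts.scheme != "https":
        findings.insert(0, "not-https")         # browser would show "Not Secure"
    return findings

if __name__ == "__main__":
    # Inputs taken from the scenario on this page.
    print(check_sender("itservices@queensu.c\u03b1"))
    print(check_link("http://queensu-login-secure.com/identity"))
    print(check_link("https://netid.queensu.ca"))
```

A clean result only means the domain checks passed; as the last takeaway notes, a message sent from a compromised genuine account would pass them too.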
What is Phishing?
Phishing attacks are some of the most common cyber attacks aiming to gain unauthorized access to your data. Cyber criminals have become experts at using sophisticated techniques to trick victims into sharing personal or financial information.
What Does Phishing Look Like?
Phishing is the most common form of attack.
Phishing occurs when someone impersonates a trusted entity through email or posted messages to try and fraudulently obtain personal information, financial information, or access to systems. The email or message prompts the targeted individual to act. The action could be to click on a link, provide information, open an attachment, download a file, or provide remote access to a computer or mobile device. Completing the action provides the threat actor with information or access to the victim's account.
Once the threat actor has access to your accounts, they may use this access to carry out a larger cyberattack.
Types of Phishing Attacks
Phishing campaigns are untargeted attempts to solicit personal details by casting as wide a net as possible to get people to respond.
A phishing attempt through SMS (text message).
A hyper-targeted phishing attempt in which a message is designed to sound like it's coming from a source you know personally.
A phishing attempt aimed at a high-profile target such as a senior executive or other high-ranking official in an organization or government department.
Involves creating a fake website to get someone to share their personal information.
How to Protect Yourself from Phishing Attacks
There is no simple way to ensure you are fully protected against phishing campaigns.
Phishing campaigns are becoming increasingly elaborate, and the growth of digital platforms, like social media, has given cyber criminals many opportunities to reach victims. The recommendations below can help you protect yourself from phishing attacks:
- Be extremely cautious any time you receive a message that asks you to reveal personal information - no matter how legitimate that message may appear
- Try to verify requests for information through another means
- For example, if you receive an email claiming to be from PayPal, you could reach out to PayPal directly via the contact information on their website to verify the message.
If you're not sure if a message is a phishing attack, check out this Phishing Graphic to learn what to look for. Remember, most legitimate organizations will never ask you to reveal information through an email or text message.
Reporting Phishing on Outlook Mobile
Spot a suspicious email? Reporting it helps keep everyone safer.
In Outlook Mobile, it only takes a few taps:
- Open the email you suspect is phishing.
- Tap the three dots in the top right corner.
- Select Report Junk, then choose Phishing.
That's it - the email is flagged and forwarded to Queen's IT Services for review.
📱 Watch the quick video below to see it in action.
Other Resources
This Week's Challenge
Test your knowledge with our phishing quiz. Note that you will be prompted to log in with your NetID and password. When you're ready, click the link below to begin the quiz.
This quiz will collect your name, Queen's email address, and NetID to notify winners of where and how to redeem their prize. Your data will not be shared with any other party or used for any other purpose.