Grace Kim, a student at Queen鈥檚 University, feels a rush of excitement when an email pops up in her inbox:
鈥淐ongratulations! You鈥檝e Been Selected for a Paid On-Campus Job 鈥 Apply Now!鈥
The message promises $650/week for a part-time job at Queen鈥檚, and says there鈥檚 no interview required - just click the link to apply.
The sender looks official at first glance: hr.queensu.ca@gmail.com
Grace almost misses it, but then she notices something strange: official Queen鈥檚 emails never come from Gmail accounts.
The email adds pressure:
鈥淧ositions are limited! Apply within 24 hours to secure your spot.鈥
Feeling unsure, Grace decides to ask for help. She walks over to the student services desk, where she meets Mr. Jones, a friendly staff member.
鈥淗i, I just got an email about a job at Queen鈥檚, but it seems鈥 off. What should I do?鈥 Grace asks.
Mr. Jones smiles. 鈥淕ood catch! That sounds like a phishing scam. Here鈥檚 what you should do:
- Don鈥檛 click any links or reply to the email.
- Forward it to phish@queensu.ca.
- Report it as Phishing using your Outlook account.
- Immediately contact the IT Support Centre to report it.鈥
Grace follows his advice - she forwards the email and submits a report through the IT Helpdesk Portal.
Minutes later, the IT Security team blocks the sender and issues a warning to other students. Grace feels relieved, knowing she avoided a scam and helped protect the Queen鈥檚 community.
Key Takeaways:
- Think Before You Click: Spot, Stop, Report!
- When in doubt, ask for help. If an email seems suspicious, check with a trusted staff member or contact IT Support.
- Look at the sender鈥檚 domain. Official Queen鈥檚 emails will never come from Gmail, Yahoo, or other personal email providers.
- Report suspicious emails immediately. Forward them to phish@queensu.ca. For step-by-step instructions on reporting phishing in Outlook, visit:
Security incidents are events that indicate an organization鈥檚 system and/or valuable data have been compromised or threatened. Dealing with a cybersecurity incident in the right way is important - it can be easy to miss something and not fully remove the threat.
Signs that a security incident has breached your systems or applications include:
- The network or Operating System (OS) on your device becomes slower
- Your browser redirects known URLs to different sites (i.e. you want to visit queensu.ca but are directed to a different website)
- Your files and/or servers have been encrypted and you cannot access them
- Your device receives excessive pop-ups
- Your data usage is increasing while your usage remains the same
The most important thing to remember is to ACT QUICKLY. The sooner you take action to report an incident, the less time your data is vulnerable.
Types of Security Incidents
Although phishing is the most common avenue for scammers to access your information, security incidents can occur in several forms. Expand the following menu items to learn more about how your information could be put at risk.
Occurs when unauthorized individuals have stolen sensitive or confidential information. As we grow with technology, more and more digital data is added to our digital world. This data often contains sensitive, personal, and confidential information, and as a result, data breaches have become a popular type of attack. Data breaches can be extremely costly to an organization.
When malicious software is used to damage a computer or network system or to gain unauthorized access to the university's private data. Malware attacks can come in many forms including ransomware, spyware, command and control, and more.
Involves fraudulent communication such as emails, text messages, or social media posts and messages. These fraudulent messages are designed to mimic trusted and reputable sources to deceive target users into revealing their credentials or sensitive personal data. You can check out the content from Week 1 to learn how to protect yourself from phishing.
A denial-of-service (DoS) attack occurs when legitimate users are unable to access an information system, device, or another network resource. This is a common method of attack wherein a target network or server is flooded with fake traffic, which overloads the server and results in a DoS. Services that can be affected by a DoS attack include email, websites, and medical facilities.
Basic Mitigation Measures at 成人大片
Participate in all Security Awareness Training
Queen's provides regular security awareness training to ensure faculty, staff and students (end-users) have a basic understanding of cybersecurity threats. This helps minimize human error and block a possible breach before it occurs.
To see what training is available to you, check out the Cybersecurity Education and Awareness page.
Ensure You Know How to Report a Security Incident聽
Without an end-user鈥檚 input and reports, security incidents can go undetected for long periods of time. When Queen's faculty, staff, and students are aware of the processes for reporting possible security breaches, incidents can be caught before much damage is done.
Learn more about how to report a security incident.
Report ANY and ALL Suspicious Incidents
As an end-user, you are the university's first line of defence when attackers attempt to breach our digital environment. Any security infrastructure can be compromised by human error or failure to report a possible incident.
It is essential for all Queen's faculty, staff, and students to report any and all suspected security breaches, even if it does not appear to be a significant threat.
A Security Threat Is Reported 鈥 What Happens Next?
In response to an incident being reported, IT Services can take the following steps:
- Take action to mitigate the security incident and prevent it from spreading across the university and its affiliates.
- Perform additional investigation to document the scale and severity of the breach and the type of institutional data that was potentially involved.
- Identify all exploited vulnerabilities.
- Revise existing or recreate additional protection/security policies.
Other Resources
This Week's Challenge
Test your knowledge with our cybersecurity reporting quiz. Note that you will be prompted to log in with your NetID and password. When you're ready, click the link below to begin the quiz.
This quiz will collect your name, Queen's email address, and NetID to notify winners of where and how to redeem their prize. Your data will not be shared with any other party or used for any other purpose.