phishing email represented by envelope and a character at the top left of envelope that is half professor and half hooded rogue

Can you spot the signs of modern phishing? 

Think you could spot a modern-day email scam?

Spot the scam, which email address is more likely to be fake?  

  1. [email protected] or [email protected]
  2. [email protected] or [email protected]  
  3. [email protected] or Nomen.Nescio@uOttаwа.са

Which did you pick? If the ‘phishy’ email addresses weren’t obvious, read on to learn other ways to spot phishing.  

Phishing uses fraudulent emails, accounts, and websites to gather your personal information or perform malicious activity. Cybercriminals disguise themselves as companies, colleagues, or people you trust to try and steal your information. They prey on your busy life and common online activities.

Today’s email scams are more professional and harder to spot. Spotting a scam is no longer about looking for typos or bad grammar.  It requires a mindful approach. 

Protect yourself from scam emails: Stop. Think. Check.

When an email, direct message (DM) text or phone call seems urgent or unusual, trust your instincts it’s a first warning sign that something is not right. Stop. Think, Check.

  • Stop before reacting. Be wary about opening attachments, clicking on clicks or replying. If you’ve already clicked or sent a reply, stop engaging if you are unsure.
  • Think about whether the request makes sense.
  • Check the message details: the sender email, whether there is an external email banner, URLs pointing to legitimate sites, or even contacting the sender directly through known channels.   

5 questions to identify email scams

Stop. Think. Check. When you receive a email that seems suspicious, ask yourself these 5 questions. If you answer yes to any of these, trust your intuition that it could be phishing and report the suspicious message.  

  • Is this email pushing me to act immediately through threats, intimidation or urgency?
  • Does the request go against normal procedures or protocol of what I usually expect?
  • Does the offer sound too good to be true?
  • Is the sender asking me for something unusual?
  • Does the message sound overly authoritative, like threatening account suspension, punishment, or another negative outcome? 

Suspect phishing? Reporting suspicious emails to improve email filtering for everyone. Messages that are reported are analyzed and help us adjust our cybersecurity practices and strategies.  

mail report

Digital Self-Defence Toolkit to-do 🚩

☑ Try reporting a suspected phishing message in Outlook.

The mindful approach isn’t intended to make your fear every message in your inbox — it’s about approaching email with the same caution you’d use when securing your home. You wouldn’t be afraid to open your front door, but would you be cautious if someone knocked in the middle of the afternoon when you weren’t expecting visitors?

Treat your inbox the same way: many messages are safe and routine, but it only takes a few mindful habits (Stop, Think, Check) to protect yourself, your community and the University from suspicious emails.

So which of the email addresses were suspicious?

  • [email protected] or [email protected] 
    The capital ‘O’ was replaced with a zero. Digits replacing letters are a clear indication of a fake email.  
  • [email protected] or [email protected]  
    An ‘i’ is missing from the word security. A word with missing or rearranged letters takes advantage of users that are busy or that quickly scan emails.
  • [email protected] or Nomen.Nescio@uOttаwа.са 
    If you spotted this one, Bravo! The phishy email address uses homoglyphs (in this case characters from the Cyrillic alphabet) to fool you. It’s hard to spot, which is why you should always Stop. Think. Check. when something feels suspicious. 

Want to improve your cybersecurity awareness? 

Learn more tips and tricks by visiting Information Technology throughoutCybersecurity awareness month. 

A laptop screen depicting a red fish hook catching an envelope, which serves as a warning to watch out for phishing scams
Campus life

Seven cyber scams to watch out for

You’re busy juggling classes, work and your social life, so you may be less alert to online threats — and cybercriminals are seeking to exploit that.