Don’t Worry, it’s a phishing simulation!

This simulated phishing email is part of the University of Ottawa cybersecurity awareness program.

This simulation is to help you prepare for real phishing emails. Always double-check emails before clicking links or entering personal information.

Learn to identify a phishing email

  • Sender: Is the email unexpected or from an unknown sender? Does the display name match the email address?
  • Body/content: Am I being asked to submit or verify confidential information? (examples: passwords, account, or credit card information) Am I being asked to click a link or open an attachment to avoid negative consequences? Is there a sense of urgency to the message? Does the email have spelling errors or bad grammar?
  • Signature: Does the sender match the signature and use proper titles and department names?
  • Date and time: Is the timing of the email suspicious? (such as, after business hours, on weekends)
  • Salutation: Is there a generic, inappropriate, inaccurate salutation? (for example: Dear User)
  • Link: Does the URL start with number, contain misspellings, or have an odd ending?
  • Logo: Is the logo an accurate representation of the organization? Note that brands and logos can be easily copied and are not an indication of real email.
Learn to identify a phishing email infographic uses text in above section. Image includes a sample phishing email message with key concern areas highlighted

What do I do if I get a phishing email?

female holding arms in front of body in x shape
• Respond to the email.
• Click any links.
• Open any attachments.
• Provide sensitive info.
Man holding megaphone in front of mouth with fist raised in the air
Report suspicious messages by using the "Report Message" button in Outlook. Reporting suspicious emails improves email filtering for everyone and is the best way to notify Information Technology about a suspected phishing attempt.

What do I do if I fall for a REAL phishing scam?

REMEMBER: Support centres, legitimate businesses, and financial institutions will never ask you for personal or confidential account credentials via email.

For University of Ottawa accounts

  • Inform your manager immediately
  • Contact the Service Desk about the incident
  • Change your uoAccess password immediately to a strong password. If you’ve reused the password for other accounts, change those to unique, strong passwords as well.
  • Alert colleagues, classmates, family and friends. Let them know about the scam, things to look out for, and to be cautious of messages that may come from your compromised account.

For personal accounts

  • Change your password immediately to a strong password. If you’ve reused the password for other accounts, change those to unique, strong passwords as well.
  • Enable multi-factor authentication/2-factor authentication to add an extra layer of security to your account. 
  • Call your financial institution if account numbers or credit card information was provided so transactions on your account can be monitored.
  • Report the incident by contacting the Canadian Anti-Fraud Centre or by calling 1-888-495-8501. You can also report the incident to your local police department.