Skip to main content

Cybersecurity

UFV/Cybersecurity/Stay cybersecure at UFV/Keep your email safe/Spam & phishing FAQs

Spam & phishing FAQs

If you receive a phishing email, or if you aren't sure about an email you received, you can forward it to phishreport@ufv.ca. This mailbox is monitored and a member of the Cybersecurity team will get back to you about your report.

Spam is unsolicited, irrelevant, or inappropriate messages sent via email. Most often, spam comes from advertisements - look for an 'unsubscribe' or 'opt-out' link at the bottom of these emails to stop receiving them.

Phishing is a scam where you are tricked into revealing personal and sensitive information such as login credentials and banking details. Look for red flags like a strange sender email address, grammar and spelling errors, or threatening content.

The Outlook Junk Items folder holds suspected spam and junk for your review. Where possible, we try not to block suspected spam emails, and instead, they are sent to the Junk folder for your review.

Learn more about the junk items folder >

When someone sends an email, the sender's address can be forged (spoofed) to disguise its true origins. Just like when you send a letter through the post, you can write a return address on the envelope. But nothing prevents you from writing a different return address than your own; anyone could send a letter and put anything they want as the return address on the envelope. Email works the same way: when a server sends an email message, it specifies the sender, but this sender field can be forged (i.e., spoofed). There are many reasons an attacker might spoof an email, such as pretending to be someone you trust (like your boss) or to evade spam filters.

Step 1: Look at the sender’s full email address – In Outlook, you may hover your mouse cursor over the profile image to see the full address. Ask yourself:

  • Do I know this person or organization?
  • Does the email domain (@example.com) look right?
  • Does the address make sense compared to the name of who sent it? E.g., if it's claiming to be a UFV employee but sent from an unknown Gmail address, this should raise caution.

Step 2: Look at the content of the message.

  • Are there obvious grammar, spelling or punctuation issues?
  • Does the tone of the message sound right?

Is the message attempting to elicit certain emotions or sense of urgency? Most often, attackers rely on:

  • Greed – offers money, gift cards or rewards for clicking a link or providing information
  • Curiosity – promises an exciting outcome, or is just weird enough that you might be tempted to open it
  • Fear – threatens negative consequences, like shutting down an account, blackmail, or legal action
  • Urgency – requires quick action or gives a short deadline

Step 3: Investigate the links in the content and attached files. (Be careful not to accidentally click a link!)

  • Do the links in the email body go to reputable sites? You can hover over the links to see where they really lead - if you want to go to a particular site, going directly there in your web browser (rather than clicking on a link from an email) can help reduce the risk of being phished.
  • Were you expecting an attachment?
    • Does the file name of the attachment look appropriate?
    • Does the file type (extension) look appropriate? E.g., if you expected to receive a PDF (.pdf), but the file is an executable (.exe), this should raise caution.

To assist students, staff, and faculty to more easily identify phishing emails, UFV Cybersecurity has implemented an External Email Security Warning on all UFV email accounts. When you receive an email from outside of UFV, you will see [EXTERNAL] in the subject line and a yellow caution footer. The warning tag is not an indicator that the email is phishing or fraudulent. It is only a reminder to verify the authenticity of the email before clicking on links, opening any attachments, or responding to the message.

Contact Cybersecurity