Current threat - University of Waterloo vendors being targeted by look-alike domains, phishing, and procurement fraud attempts
University of Waterloo vendors are being targeted by malicious email imposters.
Learn more about these threats and how to protect yourself. Always verify the sender's address before replying to any suspicious email.
Received a call or online message from the "CRA"?
- Do not provide any personal information over the phone or via email.
- Hang up the phone if you suspect the caller is not who they say they are.
- Do not reply to any online messages you receive from senders claiming to be the CRA.
- Do not click on any links in emails allegedly sent by the CRA.
- Verify the validity of a call or message by calling the Canada Revenue Agency yourself.
Think you've been compromised?
- Report the incident to The Canadian Anti-Fraud Centre by calling 1-888-495-8501.
- Contact your local police department.
- Contact the Canada Revenue Agency to prevent fraudulent use of your personal information.
- If your social insurance number (SIN) has been stolen, contact Service Canada at 1-800-206-7218.
What is phishing?
Phishing is the act of contacting people via telephone, email or text message while impersonating government or business officials with the intention of stealing private information and data to commit identify theft and financial theft.
Financial spear phishing threats are referred to as finphishing. Read more about this growing threat.
How do I identify a phishing attempt?
What can I do to protect myself against phishing attempts?
- Use email spam filters to block out potentially harmful emails.
- Think before you click on links in messages that appear to be from legitimate senders but are urging you to provide your personal or financial information.
- Use an anti-virus software to help your devices detect malware and phishing attacks.
What do I need to consider when choosing a password?
- Use a complex password that uses a combination of letters, numbers, and special characters.
- Avoid using information that is commonly known about you (birthday, pet's name, etc.).
- Use a passphrase instead of a password.
- Passphrase: a password made up of multiple words.
What is two-factor authentication?
- Two-factor authentication is an extra layer of security that requires you to verify your identity using a mobile .device before allowing you to login.
- Always use two-factor authentication when possible.
What are some password best practices?
How do I keep my personal devices safe?
- Install an anti-virus software on your computer to defend yourself against cyber threats.
- Do not store unencrypted files containing personal information such as usernames and passwords on your computer.
- Don't leave your devices unattended in public areas.
- Don't access your bank or work accounts on public computers.