There have been a number of fraudulent emails targeting Library users that appear to come from the University of Waterloo. This is called 'spear phishing' and has resulted in compromised accounts. Please ensure the legitimacy of any links before entering personal information. When in doubt, go directly to your library account from our website.
Protect yourself against spear phishing attacks
- Always check the URL of a link before clicking on it. Don't click if the URL isn't at uwaterloo.ca, or if the URL is unusual or difficult to read.
- If the email claims a software or other upgrade is being done university-wide, verify it by checking with your IT Computing Rep or the IST Service Desk.
- If the email is about something that has nothing to do with your job (like dealing with invoices) ignore it.
- Don't open attachments if the message is from an unknown sender, or if the attachment is irrelevant to your job.
- If the email looks suspicious, verify its legitimacy by phoning or discussing it in person with the sender listed in the email header.
- Report suspicious email messages to IST.