Spam (phishing emails)

Primary ways you can avoid getting phished | How to report a phishing email | More information

Sadly, there are people in the world who have chosen to make their living harvesting data from unsuspecting users by sending them fraudulent emails with fake links in them. These links usually lead to a venue where one can give away one's credentials or other sensitive data by filling out a form that often looks quite bona fide. The fake emails are called "phishing" emails. When you put your information into those forms, it is said you have been "phished." Consequences of getting phished can include any of the following, and more:

  • Your account gets locked out because your email account is used to send out large quantities of spam to other people
  • Your sensitive data is used to steal your identity and set up things like credit cards in your name

Primary ways you can avoid getting phished

  • Use a spam filter (which most mail services have built-in - UW is currently transitioning to a Cisco spam filtering product from Proofpoint)
  • Be vigilant
    • Hover over links in emails before you click to make sure you're going to the correct address
    • Copy addresses and paste them into the address bar instead of clicking on links in emails
    • Watch for obvious spelling/grammatical mistakes in otherwise official-looking emails
    • Ask a known real person from the source organization if an email is actually genuine
      • E.g. Ask Science Computing if the email requesting that you provide your existing email credentials is real (Note: A real IT person would never ask for your domain credentials!)
  • Set up and use two factor authentication (2FA)

How to report spam and phishing emails

Classic Outlook (Windows desktop client):

  1. Open the suspicious e-mail in a separate window by double-clicking on it.
  2. Click the "Message" tab. 
  3. In the "Respond" section, click the "More" button (You will need to expand the message window to full screen view if you do not see the "More" option).
  4. In the dropdown menu select "Forward as an attachment".
  5. This will create a new e-mail with the suspicious message as an attachment.
  6. Send this attachment to soc@uwaterloo.ca. You can insert any comments in the body of the e-mail to help them with the investigation process.  

New Outlook and OWA (Windows desktop client and web app):

  1. Click on the suspicious e-mail so it's selected.
  2. Click the "Home" tab.
  3. In the "Respond" section, click the "Forward" button.
  4. From the dropdown menu, click "Forward as attachment".
  5. This will create a new e-mail with the suspicious message as an attachment.
  6. Send this attachment to soc@uwaterloo.ca. You can insert any comments in the body of the e-mail to help them with the investigation process.  

Classic and New Outlook (Mac desktop client)

  1. Click on the suspicious e-mail so it's selected.
  2. In the top toolbar, click the "Message" tab.
  3. From the dropdown menu, click "Forward this message as attachment".
  4. This will create a new e-mail with the suspicious message as an attachment.
  5. Send this attachment to soc@uwaterloo.ca. You can insert any comments in the body of the e-mail to help them with the investigation process. 

More information

IST - Email security resources

IST - Identify suspicious email

Submit a Jira Ticket

Related links