AVÌìÌÃ

Phishing is a common online scam. It involves sending malicious emails, text messages or voice messages that appear to be from someone you trust. Phishing emails will often try to make you click on a malicious link, download malware or reveal sensitive information like passphrases, credit card numbers or your SIN.

Faculty, staff and students at universities have become a major target for phishing attacks that target individuals (like identity theft and blackmail) and institutions (like ransomware attacks and industrial espionage). We can all protect ourselves and our communities by learning to recognize the signs of a fraudulent message.

Online training

Our phishing awareness training course is designed to help UVic employees recognize email and SMS-based scams and fraud. This self-guided course is delivered on Brightspace and takes about 10 minutes to complete.

You can learn more about phishing from the Canadian Centre for Cyber Security:

Phish Bowl blog

We use the blog to analyze phishing messages so you can learn about the patterns and strategies criminals are using. UVic's email filters block hundreds of phishing messages every day, but there are some that get through. Whenever one does, we analyze it on the Phish Bowl.

Simulated phishing

We use simulated phishing campaigns as part of our training strategy. We periodically create email messages that are similar to real phishing messages and send them to UVic email addresses.

If you think you've received a simulated phishing email, delete or report it as you would with any phishing message. If you do engage with it, you'll be redirected to a web page with training.

We don't report on individual people who followed the links or tried to sign in to a simulated phishing page. We do report aggregated statistics about how many people engaged with them.