Don't get caught by a Phishing scam

October 03, 2022

Phishing is the theme of this year’s Cyber Security Awareness Month; an internationally recognized campaign held in October and highlights the importance of information security. Over the next month, SFU’s new Information Security Services (INFOSEC) department will be providing you with simple steps you can take to protect your information and bring awareness to various types of cybercrime.

October 13, 2022

What is 'Smishing'?

'Smishing' otherwise known as a SMS (text message) phishing scam, is where cybercriminals trick you into providing personal information through your cellphone carrier.

The text message content can vary but it's usually brief, prompting you to 'tap' on a link. Some examples are:

  • Your shipment has arrived. Click here to accept the delivery.
  • You are recieving a rebate through your cellphone carrier. Click here to receive your funds.
  • Messages from various “authorities" about COVID-19 contact tracing updates and various pandemic-related resources. 

If you do press the link, it’ll take you to a website where you're prompted to provide further personal information so the cybercriminal can:

  • Access your personal or work-related accounts,
  • Commit identity fraud, or
  • Engage in some other type of malicious activities.

Protect yourself from 'Smishing' (Gov't of Canada)

October 06, 2022

Top 3 ways to spot a Phishing scam

1. Spelling mistakes

Phishing scam emails usually have an above average number of grammatical errors. If it's sent from a legitimate organization, chances are formatting and spelling would be almost perfect. 

2. Incorrect sender email address

No large organization will send emails to their employees or clients via a '' account. If the email comes from an address that isn’t affiliated with the apparent sender, it’s likely a scam. Focus on the source of the email and ignore the images, design, and text – they can all be used to trick you.

3. Suspicious attachments or links

If an email has an attached file with an extension commonly associated with malware downloads such as .zip, .exe, .scr, etc., recipients should report the file before opening. Hovering your mouse over a link (without clicking!) will display the real destination URL. If it doesn’t match the legitimate company’s website address, it’s a scam.

Learn more ways to avoid and report Phishing scams

Test your cyber security skills!

Information Security Services offers FREE training modules which give SFU staff, faculty and students the tools they need to reduce the risk of fraud, scams or breaches; a modern-day life skill in keeping your personal information safe.

The Information Security Essentials courses are fun, interactive, and a quick way for the learner to engage with the material. 

SFU Employee login SFU Student login

Cyber Security Awareness Month Resources