notice
IITS urges vigilance and provides safety tips as impersonation emails increase on campus
In today's interconnected world, email is an integral part of our lives. It allows us to communicate seamlessly and efficiently, bridging the gaps of time and distance. However, as the digital landscape continues to evolve, so do the tactics employed by cybercriminals. One particularly concerning trend is the rise in email impersonation attempts.
What is email impersonation?
It’s a deceptive technique used by cybercriminals to trick recipients into believing they are receiving a legitimate email from a trusted source.
These fraudulent emails often mimic official communication from organizations, including universities. The goal is to deceive unsuspecting individuals into revealing sensitive information, engaging in financial transactions or downloading malicious attachments. The consequences of falling victim to these scams can be severe, ranging from financial loss to identity theft.
“Impersonation attempts are on the rise, alongside other cyberthreats. It is important to note that no organization is immune to these types of attacks, including universities,” says Mike Popoff, chief information security officer for Concordia’s Instructional and Information Technology Services (IITS).
Tips to avoid being impersonated
To shed light on this issue and provide guidance, Popoff emphasizes the importance of remaining vigilant and adopting a proactive stance against these threats. To that end, he shares some valuable insight and actionable tips to help keep yourself safe from being impersonated:
- If something seems wrong, validate: Sometimes, attackers will use a fake email address to make it appear as though the email is from a trusted source. If you are unsure about the email's authenticity, try to verify the sender's identity through a different means of communication, such as a phone call or text message.
- Be cautious with personal information: Avoid sharing sensitive personal information, such as your email address, password, or security question answers, through email or other insecure channels. Be particularly wary of requests for personal information in unsolicited emails.
- Use your Concordia email accounts for communication: Concordia’s email infrastructure is carefully managed by IITS with strong security settings, access controls and advanced spam and malware features in place to safeguard sensitive information.
- Be consistent with your communication channels: When you consistently use the same email address, it becomes familiar to the people you regularly communicate with. This familiarity helps build trust and reduces the chances of falling for impersonation attempts or phishing attacks that may come from different email addresses pretending to be you.
- Regularly monitor your email account: Keep an eye on your email account for any unusual activities or suspicious emails that may indicate someone is impersonating you. Report any fraudulent activity to your email service provider.
Popoff notes that while these tips will provide some protection against being impersonated, it's equally important to practice good email security habits, such as using strong and unique passwords, enabling multi-factor authentication, being cautious of suspicious emails or attachments and keeping your devices and software up to date.
Beyond individual changes, community engagement is one of the most important tips in combatting email impersonation attempts. All faculty and staff should do Concordia’s mandatory phishing training on the KnowBe4 platform annually to stay up to date on tools and knowledge available to reduce data breaches.
"We are all in this together. If you suspect an email to be fraudulent or encounter any suspicious activity, please report it immediately to IITS. Your vigilance can make a significant difference in protecting yourself and the Concordia community."
Find out more about Concordia’s Instructional and Information Technology.