Remain vigilant about impersonation attempts

With the new academic year in full swing, we’re noticing an increase in the number of impersonation emails targeting Concordia faculty and staff, as well as students.

These emails claim to be from a wide variety of senior executives, faculty members, or researchers at the university but are in fact bad actors phishing for information. 

What is email impersonation?

This deceptive technique is used by cybercriminals to trick recipients into believing they are receiving a legitimate email from a trusted source.

These fraudulent emails often mimic official communication from organizations, including universities. The goal is to deceive unsuspecting individuals into revealing sensitive information, engaging in financial transactions or downloading malicious attachments. The consequences of falling victim to these scams can be severe, ranging from financial loss to identity theft.

How to protect yourself

To protect yourself against impersonation attempts (phishing), please follow these seven basic rules

1. Be suspicious of unrecognized senders, unexpected emails, and generic greetings.  

2. Pay particular attention to email originating from outside Concordia. These will contain the following messaging: "Attention This email originates from outside the concordia.ca domain. // Ce courriel provient de l'extérieur du domaine de concordia.ca"

3. Never reply to an official business email sent from a non-official address (eg. from a Gmail, Hotmail, or other free email provider).  

4. Don’t click on links or attachments in emails unless you are expecting them.  

5. Hover over a sender’s email address with a cursor. It can reveal inconsistencies with the name of the sender.  

6. Only open emails from trusted senders.  

7. Watch for mistakes in titles or in the content. 

If you are contacted by an individual, company, or funding agency with which you do not have an established relationship, consider that the email may be phishing or spam.

When in doubt, forward the suspicious email to help@concordia.ca and wait for instructions before proceeding.

Other ways to stay safe

Cybersecurity is everyone’s responsibility. On top of remaining vigilant when opening your email, good cyber-hygiene practices also include secure document storage, using strong and unique passwords, enabling multi-factor authentication and keeping your devices and software up to date.

In order to protect yourself and the Concordia community, we encourage students to brush up on your cybersecurity knowledge with these short information capsules. Faculty and staff can complete our impersonation awareness training as well as phishing training (which is mandatory for all Concordia employees).

For questions or concerns about the legitimacy of an email or other digital communication can, please contact IITS.