What is Phishing?
A standard trick hackers use is sending an email that appears to come from someone you trust. The email urges the recipient to click a link to verify their account, update an “expired” password, or open an important attachment. The email may look real with company logos, links, and branding, but beware – you may have received it from an illegitimate source. We recommend you report phishing attempts by declaring them as phishing to BCIT’s Cyber Security Office. This helps to perform necessary remediation, which has helped save many accounts from potential breaches.
How to report a Phish?
A quick and easy way to report phishing emails from your BCIT mailbox exists.
- Select one or more emails you’d like to report from Outlook.
- Select Report, then select Report phishing or Report junk in the dropdown list.
What to do after you’ve been Phished?
- Change all your passwords for the accounts that have been compromised. Using a different password for each site or account is highly recommended. If you are concerned about keeping track of your passwords, you should use a password manager, for example, BitWarden or 1Password.
- If your identity is stolen, please report it to firstname.lastname@example.org. We also encourage you to get in touch and report the matter to your bank(s) and or a credit agency.
- In case of an identity theft, actively monitor your bank and credit card accounts for suspicious transactions.
Precautions to prevent future scams and Phishing
- All BCIT external emails have a disclaimer; be cautious when clicking links. Ensure you recognize the sender before opening links or attachments in the email. If in doubt, please flag suspicious emails for IT Services.
- When using the @bcit.ca email, always hover over the link (don’t click) to see if it starts with BCIT’s adopted Safe Link approach.
- If you are not using the @bcit.ca email and notice the link is different, that indicates the source is probably illegitimate and is a phishing attempt.
- Subscribe to breach notifications from haveibeenpwned. This will notify you of any breach associated with your email address and the online provider.