A recent phishing (http://www.queensu.ca/its/security/education-awareness/phishing/phishing-samples) attempt requested users to verify their Office 365 identity by clicking on a link and to confirm their credentials in a webform. The email indicated failure to comply would result in suspension by the "Queensu Administrator."

If you provide identifying information such as your NetID and password, your email address can be used to spam other email accounts or this information may be used to steal your identity and use your personal information. In addition, outsiders having access to the university’s accounts puts Queen’s at serious professional and financial risk.

Please note that a number of initiatives are underway from Information Technology Services that may increase the number of phishing messages requesting your NetID and password credentials.

ITS will never:
- ask for your NetID password
- direct you to a website to confirm your identity
- direct you to a login page that is not secure

Never respond to these emails nor click on links asking you to enter your NetID password.

If you have received a phishing message requesting your NetID and password, please forward it to abuse@queensu.ca.

If you have received a phishing message and clicked on the link on this email or a different phishing email, you should change your password immediately and contact the IT Support Centre (http://www.queensu.ca/its/helpform) for assistance.

The "Is my Queen’s Connection Secure?" page on the ITS website (http://www.queensu.ca/its/security/education-awareness/my-queens-connection-secure) explains how to determine if a site being visited is a legitimate Queen’s website.

For more information about phishing security tips and real examples that have come in through the university, please visit the ITS Phishing webpage (http://www.queensu.ca/its/security/education-awareness/phishing).