WARNING: Email Scams Targeting Queen’s Students, Staff & Faculty
Sophisticated phishing emails are circulating - they look real but are designed to steal your Queen’s login, banking info, or money.
If you've shared your info:
🔹 Financial? Contact your bank, local police, and the Canadian Anti-Fraud Centre
🔹 Queen’s login? Change your password immediately
🔹 Immediately contact the IT Support Centre at 613-533-6666
❌ Do NOT respond to the scammer
📨 Report phishing emails here:
For more tips and resources, visit the Queen’s Cyber Security Page.
Stay alert - even trusted accounts may have been compromised.
Grace Kim, student at Queen’s University, receives an email that looks like it came from IT Support at Queen’s. The subject line reads:
“Immediate Action Required: Verify Your Identity”
The email claims: “We detected unusual activity on your Queen’s account. Please verify your identity immediately to avoid losing access. Click the link below to confirm your details.”
The message includes the Queen’s logo, official colors, and even uses an email address that looks very real: itservices@queensu.cα (Notice the last letter is a Greek alpha “α,” not an English “a” – a sneaky trick!)
Grace feels a bit worried and almost clicks the link. Before doing so, she decides to hover over the link. Instead of showing https://netid.queensu.ca (the official Queen’s Identity Platform), the URL looks suspicious: http://queensu-login-secure.com/identity
Grace clicks anyway (big mistake!) and the page that opens looks exactly like the Queen’s Identity Platform page she uses to reset her password. But something feels off:
- The address bar shows “Not Secure”
- The URL is not the real Queen’s URL
If Grace enters her NetID and password, attackers will instantly steal her credentials and access her Queen’s email, OnQ, and SOLUS.
Luckily, Grace remembers the phishing training tip - Always check the URL and never trust links from unexpected emails. She closes the page and reports the email to IT Services using the .
Key Takeaways:
- Hover before you click. Verify that the URL is the official Queen’s site.
- If in doubt, don’t click! Go directly to the Queen’s Identity Platform from the official Queen’s website instead.
- Always check the sender’s email address carefully. Attackers often use small tricks like replacing letters with lookalikes.
- Compromised legitimate accounts - Sometimes, phishing emails come from real Queen’s accounts that have been hacked. If you’re unsure, don’t reply; contact IT Support directly.
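The sender and link checks from the takeaways above can also be done in code. The Python sketch below is an added example, not a Queen’s IT Services tool; the function names are illustrative, the sample inputs are constructed from the scenario, and treating queensu.ca as the only official parent domain is an assumption.

```python
import unicodedata
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "queensu.ca"  # assumed parent of netid.queensu.ca, the official site named above


def lookalike_chars(host):
    """Describe every non-ASCII character in a host name (e.g. Greek alpha for 'a')."""
    return [f"{ch!r} is {unicodedata.name(ch, 'an unnamed character')}"
            for ch in host if not ch.isascii()]


def is_official_host(host):
    """True only for queensu.ca or a real subdomain; a substring match is not enough."""
    host = host.lower().rstrip(".")
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)


def check_host(host):
    """Return the reasons a host name should not be trusted (empty list if none)."""
    findings = [f"lookalike character: {d}" for d in lookalike_chars(host)]
    if any(label.startswith("xn--") for label in host.lower().split(".")):
        findings.append("punycode label: the displayed name may hide non-Latin letters")
    if not is_official_host(host):
        findings.append(f"{host!r} is not under {OFFICIAL_DOMAIN}")
    return findings


def check_sender(address):
    """Findings for the domain part of a sender address."""
    return check_host(address.rsplit("@", 1)[-1])


def check_link(url):
    """Findings for a link target: scheme first, then the host checks."""
    parts = urlsplit(url)
    findings = [] if parts.scheme == "https" else [f"scheme is {parts.scheme!r}, not https"]
    return findings + check_host(parts.hostname or "")


if __name__ == "__main__":
    # Constructed samples modelled on the scenario above.
    print(check_sender("itservices@queensu.cα"))
    print(check_link("http://queensu-login-secure.com/identity"))
    print(check_link("https://netid.queensu.ca"))
```

An empty result only means the address and link passed these checks; a message sent from a compromised legitimate account would pass them too.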
What is Phishing?
Phishing attacks are some of the most common cyber attacks aiming to gain unauthorized access to your data. Cyber criminals have become experts at using sophisticated techniques to trick victims into sharing personal or financial information.
What Does Phishing Look Like?
Phishing is the most common form of attack.
Phishing occurs when someone impersonates a trusted entity through email or posted messages to try and fraudulently obtain personal information, financial information, or access to systems. The email or message prompts the targeted individual to act. The action could be to click on a link, provide information, open an attachment, download a file, or provide remote access to a computer or mobile device. Completing the action provides the threat actor with information or access to the victim’s account.
Once the threat actor has access to your accounts, they may use this access to carry out a larger cyberattack.
Types of Phishing Attacks
Phishing campaigns are untargeted attempts to solicit personal details by casting as wide a net as possible to get people to respond.
A phishing attempt through SMS (text message).
A hyper-targeted phishing attempt in which a message is designed to sound like it’s coming from a source you know personally.
A phishing attempt aimed at a high-profile target such as a senior executive or other high-ranking official in an organization or government department.
Involves creating a fake website to get someone to share their personal information.
How to Protect Yourself from Phishing Attacks
There is no simple way to ensure you are fully protected against phishing campaigns.
Phishing campaigns are becoming increasingly elaborate, and the growth of digital platforms, like social media, has given cyber criminals many opportunities to reach victims. The recommendations below can help you protect yourself from phishing attacks:
- Be extremely cautious any time you receive a message that asks you to reveal personal information – no matter how legitimate that message may appear.
- Try to verify requests for information through another means.
  - For example, if you receive an email claiming to be from PayPal, you could reach out to PayPal directly via the contact information on their website to verify the message.
If you're not sure if a message is a phishing attack, check out this Phishing Graphic to learn what to look for. Remember, most legitimate organizations will never ask you to reveal information through an email or text message.
Reporting Phishing on Outlook Mobile
Spot a suspicious email? Reporting it helps keep everyone safer.
In Outlook Mobile, it only takes a few taps:
- Open the email you suspect is phishing.
- Tap the three dots in the top right corner.
- Select Report Junk, then choose Phishing.
That’s it - the email is flagged and forwarded to Queen's IT Services for review.
This Week's Challenge
Test your knowledge with our phishing quiz. Note that you will be prompted to log in with your NetID and password. When you're ready, click the link below to begin the quiz.
This quiz will collect your name, Queen's email address, and NetID to notify winners of where and how to redeem their prize. Your data will not be shared with any other party or used for any other purpose.