Security is everyone's responsibility. Part of that responsibility is learning how to recognize and respond to phishing emails. Be mindful of what links and attachments you open from emails and NEVER give out your account credentials.
You can help keep yourself safe with a security focused mindset based on these tips:
Be aware! Download with care.
- Malicious software is hiding everywhere online. Only download files from trusted sources to prevent unauthorized access to your digital information or devices.
- Searching the name of an application on Google isn't enough to ensure safety - often the first few links in a google search are paid advertised links targetting reputable application names, but lead to unrelated sites.
- Some software repository sites (websites that archive old versions of common software) also include multiple "Download" buttons, several of which may be ads. If you see more than one download button, be extremely cautious.
If you suspect deceit, hit delete.
- If an email, message or voicemail looks suspicious, don’t take a chance. Delete, report, or verify the sender before taking action.
- Email is a common method of initial contact for scammers, and you should treat any message you receive - especially unsolicited and unexpected emails with caution.
- You can use the Phish Alert button in your KPU webmail to report an email to Information Security.
Social media: Part of the fraud toolset.
- Do not conduct official business, exchange payment, or overshare personal information on social media platforms. Scammers can use this information to create scams that mimic people you know.
- Always be certain of the identity of the person you're communicating with on social media. When dealing with payments or sensitive information, use other means of communication to confirm their identity.
- Social media pages can be used to gather information about you, your friends, and your family for the purposes of scamming you.
Is your password strong?
- Prevent unauthorized access to your digital life. Use unique, strong passwords, and keep them private.
- Reusing passwords worsens breaches. Using unique passwords prevent a single-site breach from spreading.
- Password managers store all your passwords and generate strong and unique ones. You can access your accounts by logging into your password vault with a single master password, which should be long, unique, and kept confidential.
- Do not store your email password in your password manager - if your password vault becomes compromised, your email can be used to reset all your compromised accounts.
Double up your defenses
- Enabling Multi-Factor Authentication (MFA) reduces the risk of unauthorized access, even if your password is compromised.
- We strongly recommend enabling MFA anywhere it is available - especially on work, school, financial accounts, and on password managers.
- KPU will be supporting MFA on student accounts as of September 19, 2023. You can learn more about MFA at KPU on our MFA for Students page.
For more information to keep yourself safe online, see our device security and safe computing habits pages.
If you have any concerns around information security at KPU, you can reach out to the information security team at infosec@kpu.ca
Frequently Asked Questions
How can I check if a shortened URL in an email is fraudulent?
Hover over the URL. If it contains a string of numbers, misspelled words, multiple subdomains, or generally looks suspicious, then without clicking on it, Google the URL. If the first entry does not match the URL you entered, the site is likely fraudulent.
Will the IT ServiceDesk ever ask for my KPU password?
The IT ServiceDesk will NEVER ask for your password. It is important to not reveal your password to anyone.
Does "https" indicate that a site is safe?
No. A URL that begins with "https" only means access to the site is encrypted. The site owner and content could still be malicious.