Easy? Not quite. It gets harder every year.
Trust your gut
Does something feel off about it? Is it too convenient? Are you being asked for banking, personal information, passwords, or money? Do you feel rushed to respond?
If you answered yes to any of those, don鈥檛 engage!
Some legitimate requests might come across as urgent.
That鈥檚 when you need to follow up using a different method of contact. Never use the same one, because if it is an attack, you鈥檒l just be chatting with the big bad wolf.
Are you expecting it?
If you suddenly get an email asking you to sign a performance evaluation, but your boss hadn鈥檛 told you to expect it, that鈥檚 a red flag.
Sure, your boss might be busy and have forgotten to mention it. So check with them using a different method of contact. If they emailed you, confirm through another channel like MS Teams or better yet, call them directly to be sure it's really them.
Attackers pretend to be people you trust: from IT support technicians, the police, Revenue Canada, and other government officials to a representative of a company you do business with, like your bank. They think you will trust enough to share your personal or financial information.
No matter how rushed the request might seem, pause, breathe, and look for clues. If they鈥檝e contacted you over voice or chat, don鈥檛 be afraid to put an end to the conversation then and there. A legitimate business will understand.
What about physical clues?
Attackers have the same tools at their disposal as the good guys, including AI.
This lets them easily generate professional looking, error-free content. They can also just easily steal and repurpose anything that鈥檚 already publicly available (or that they stole when compromising someone鈥檚 account).
Not all attackers are meticulous, so look for:
Typos and errors
Be cautious particularly if you find spelling and grammatical errors.
Sender's email address
If you鈥檙e a 海角精品黑料 employee, your manager shouldn鈥檛 be emailing you from anything but an @mcgill.ca address. Nor will IT Services, HR, or any other 海角精品黑料 unit.
Unexpected or odd attachments
If you鈥檙e not expecting an email, never click on or open the attachment. Even if it seems to come from a company or person you鈥檝e interacted with in the past, take time to assess if it鈥檚 really legitimate.
Be weary of fake links
Watch out for links that don鈥檛 match official websites. These can be extra tricky to spot - just because it has the company name in it doesn鈥檛 mean it鈥檚 legitimate. An attacker can easily buy a URL containing the word 鈥渕cgill鈥, for instance.
Just like a good detective, you鈥檝e got to look for clues and follow up on them.