Sophisticated phishing emails are sweeping into students’ inboxes this fall.

The emails are sent from valid Queen’s email addresses, with personally relevant subject lines targeted at users. They direct users to click a link and enter their NetID and password, ultimately compromising their account.

According to Jessica Dahanayake, Sci ’20 and AMS director of IT, the scam may put students’ sensitive banking or personal information at risk. 

“They can send out emails on your behalf, they have access to all of your SOLUS and banking information,”  Dahanayake told The Journal in an interview. “It makes Queen’s students very vulnerable.” 

“The most recent phishing attack, that one was kind of impressive because each email was tailored … I’m not sure how they did it.” Dahanayake said.

Phishing isn’t new to Queen’s and there hasn’t been an increase in the fraudulent emails, Dahanayake said. However, the new breed of email—tailoring its subject and contents to the receiver—is new to Queen’s. 

“A lot of the ones I’ve seen before are very obviously a phishing email. There are spelling mistakes, they [say] you have to reply with your credit card number, a lot of people will not fall for that, but recently they are getting more and more clever.”

Dahanayake hopes to promote technical literacy in the wake of the emails. Informational posters have been put up around campus and Information Technology Services (ITS) offers a security course that covers detecting and dealing with phishing emails.

“You can’t really stop phishing emails from coming in … that’s why education is the best defence,” she said.