Fear not – nothing has happened to your device and no action is required.
Nobody likes getting phished, whether it’s for real, or as part of a training exercise like this – but it can happen to anyone, which is why it’s important to be prepared.
Transportation Investment Corporation wants to help you and your colleagues be prepared should a real phish arrive. Help us by providing feedback and comments and reach out to us directly at security@ticorp.ca.
Learn more about spotting phishing emails below.
How could you have identified this phishing email?
Phishing email clues
The sender email address is suspicious.
noreply@securityalert.info does not seem to be affiliated with Transportation Investment Corporation.
The email is coming from an external source.
Be wary of emails that from external sources.
Verbiage and subject in the email creates a sense of urgency.
Phishing emails often create a sense of urgency or fear to provoke strong emotions that affect decision making.
Hovering over all the links reveals that they lead to the same suspicious URL.
Although email filtering systems do a good job of blocking a lot of malicious emails and links, some can still get through. If you see that the link redirects you to an odd URL do not click on the link.
Scammers will also use URL shorteners such as Bitly or TinyURL to mask the malicious site they are redirecting to.
Why is the Transportation Investment Corporation sending out these emails?
Phishing attacks have become more sophisticated over time. Despite best efforts of digital security, some of these phishes still land in employee inboxes. In fact, some are even targeted phishes, like this one.
Fortunately, evidence shows that exposure to practice phishing emails can help people to protect themselves and others from losses when faced with real phishing attacks by increasing awareness of the techniques that cyber criminals use.
For more information, review the initial communication that was sent to provide an overview of the phishing awareness program
What do I need to do?
Falling for a phishing attack can happen to anyone. Nothing has happened to your device and you cannot be identified. You are not required to contact anyone or to report this to your supervisor or TI Corp IT.
If you have a concern about an email you have received and you cannot verify the sender, please use the Report Message/Report button in Outlook