Skip to main content

Protect yourself against malicious spam

As online threats multiply, here's how to be vigilant about unsolicited emails
April 15, 2019
By Jesse Coady

Emails claiming to be from a trusted institution such as your bank could be an attempt to defraud you. Emails claiming to be from a trusted institution such as your bank could be an attempt to defraud you.

Most of us are familiar with spam — unsolicited emails are a ubiquitous online nuisance. They’re usually not too vexing, however, thanks to the filters in our inboxes.

But as the threats to our online safety evolve, so too does the capacity of spam to act as a vector for them. Phishing scams, for example, are attempts by hackers to fool recipients into providing sensitive personal information. Hackers are also finding new and more advanced ways to evade our filters.

North American security firms agree that the majority of online attacks involving malicious software or malware are the result of phishing scams. Being careful what you open and keeping your computer and mobile software up-to-date helps to protect against nefarious malware such as ransomware, which blocks user access to their computer or files until a ransom is paid. 

“Such attacks are part of the spectrum of malicious spam,” says Michel Robitaille, director of IT Architecture, Security and Planning at Concordia.

“This type of spam embeds malware scripts in attached documents or hyperlinks. This could be a Microsoft Word document, a spreadsheet, a java applet, an exe file or even a link in an SMS message.”

The malware compromises your computer and provides hackers with access to your data.

Given the greater prevalence of online threats today, students, staff and faculty should be increasingly careful around spam.

Here are some key tips for staying secure:

  • Do not open or reply to unsolicited emails. Users should display the email header of a suspicious message to determine if the actual email address is the same as the one displayed.

    “Don’t reply by email, SMS or social media to any notices, whether they’re related to credit, bank, delivery, payment, computer corruption or tech support offers,” Robitaille adds.

  • Never give out personal information via email. A request for personal information from a trusted institution such as your bank or a payment system could be a sophisticated attempt by a hacker to defraud you. Institutions, companies and even Concordia will never request personal information by email. You should contact the institution directly by phone to ascertain the legitimacy of such messages. 

  • Don’t open attachments or links in emails. Links created by hackers will re-direct you to sites that will download malware on your computer. Always ascertain the written address of a hyperlink before clicking on it.


To report a suspicious email, contact the Concordia Service Desk.


Back to top

© Concordia University