Skip to navigation content (Press Enter).

SPAM and Phishing

What is SPAM?

SPAM is the term used to describe unsolicited email. In its most benign form, SPAM is nothing more than a waste of resources and a minor annoyance; such as ads for overseas pharmacies or amazing stories about the incredible dog that travelled the globe find his owner and return him his lucky ball cap.  Ironically, among the most common spam that security analysts detect are advertisements for anti-virus and anti-spam software!!  Whether the software actually works or not is another story.  In short, SPAM is usually ads for quasi-legitimate products and charities that actually want to exchange something in return for your hard earned money.

What is Phishing?

Phishing is the nefarious younger sibling of SPAM; it is an email based attempt to acquire unauthorized access to information through misrepresentation.  In simpler terms, it is when someone tries to steal your money by pretending to be your bank or another trusted organization.  Phishing attempts may ask you to provide private information or risk losing access to your social network (Confirm your facebook password now!); they may entice you to click a link to an infected web site with the promise of great reward (win a brand new iPad mini!); or maybe they want a small donation to help the incredible dog find his way through the Lower Himalayan Range.  In any case, they are after your information…account names and passwords, credit card numbers, social insurance numbers.  And ultimately, they are after your money.


It is very easy to protect yourself, as well as your friends, family and colleagues from these bad guys.  Here are some handy tips for safe emailing:

1.       Protect you private information: McMaster University will never, ever ask you for private information via email.  The same is true of banks, government agencies or other large institutions.  You should never provide information about yourself, such as credit card information or passwords to anyone requesting it via email.  If you are concerned about an email that you have received, call the institution that sent it (or, appears to have sent it).  If there is a problem they will help you; if there isn’t a problem they will be happy to learn about the phishing attempt so that they can warn their other clients.

  • Don’t send private information via email.  Email is not a safe media for transmitting sensitive information.
  • DON’T respond to email requests for private information.  A response validates to the attackers that you are real and could make you a target for future attacks; even when you want to respond: “get lost!”, it is better to just delete the message.

2.       Think before you click: If it seems too good to be true, or even just kinda cool…it could be a trap!  The bait used in phishing attempts can be enticing, like an unexpected package or surprise airline tickets; or the bait can be alarming, like a problem with your bank account or that your email account will be closed unless you confirm that it is being used.  If you weren’t expecting the message, don’t trust it. 

  • Don’t open attachments that you weren’t expecting.  The anti-virus software on your computer will scan your email attachments, but it will miss the occasional infection.  When in doubt, throw it out.
  • Don’t follow links sent to you via email unless you are absolutely sure that they are safe.  Check that the link is taking you where it claims by hovering your mouse over it and reading the url in the pop-up.  Better still, Google it and navigate to the site manually.

3.       Know the source: If your trusted Auntie Clara sends you an amazing butter tart recipe, that is probably ok; but if Auntie Clara sends you a link to a scandalous video of your favourite pop-star…Sound the Alarms!!  Email accounts can become compromised, then used to send phishing messages to the contacts in the victim’s address book.  If you have received a message from a trusted source that seems a little out of character, just delete it.  Better still, call them…I’m sure Auntie Clara would love to hear from you.

  • DON’T open attachments or follow links that seem out of character for the sender, even if you

4.       Use a strong unique password: Don’t let your account be the launch pad for an attack against your friends, family or colleagues.  Protect it with a password that is too difficult for even a computer to guess.

  • DO create strong passwords for your accounts.  A strong password is at least 8 characters long and combines upper and lower case letters, numbers, special characters and punctuation.
  • DO create unique passwords for all of your accounts.  The rule is “unique account, unique password”; that way even if the bad guys hack into your twitter account, your bank account is still safe.

5.       Keep it clean: Running a clean machine will help to protect you, as well as your friends and neighbours, against this and other internet threats.

  • DO set up your anti-virus software to automatically install updates.  New viruses are written at a rate of over 100,000 per day! 
  • DO set up Windows, Mac or Linux to automatically install security updates.  Errors are discovered every day in the software that you rely on in your daily life.  Fortunately, the companies that write that software will take responsibility for these errors and release periodic updates and patches to correct them.  Install them to remain current.
  • DO enable your Windows or MacOS firewall.  The firewall is there to prevent others from connecting to your computer without your knowledge.
  • DON’T connect to untrusted networks

Service Bulletins

Citrix Receiver Client Update

UTS asks Citrix users to upgrade Citrix Receiver Client to the most current version by February 28, 2017. See UTS Citrix website for installation and removal information.

Mosaic Upgraded Interface

Service Desk

Client Self Service:
Hours: Monday - Friday
8:30 am - 4:30 pm
Phone: 905-525-9140 x24357 (2HELP)
Location: Main Campus BSB Rm. 245
Service Catalogue:

Great Idea Site

Great Idea