A variety of emails that look like they are sent from a McGill employee are targeting the McGill community.
Staff should question the legitimacy of unusual emails especially if the request involves money, there is a sense of urgency, or the sender is unavailable for confirmation. Recent emails request that you click a link to a OneDrive file.
Please DO NOT click any links or reply to the message. Delete this email immediately! It does NOT come from a McGill source.
These emails are a fraudulent attempt to gain access to your personal information. If you have already clicked on a link in these emails and submitted any personal information, you should call the IT Service Desk at (514) 398-3398 as soon as possible. If no one is available to take your call you should change your McGill Password immediately. See the McGill Password Reset Checklist for instructions. It is still important to follow up with the IT Service Desk after resetting your password to ensure that all the necessary actions have been taken.
If you have simply received a phishing email but have not clicked the link, please contact phishing [at] mcgill.ca immediately to report the phishing attempt.
As a reminder: If you are unsure of the legitimacy of the email request, you should verify with the sender by contacting them directly.
- How to report suspicious emails to the IT Service Desk
- IT Security Awareness Online Course - Focus on Phishing
- Phishing scams and how to protect yourself
- Stay Safe Online
- Stay safe when using your mobile device