Dealing with Phishing Emails

Dealing with phishing emails

  • A phishing email asks you to perform an action. Usually the action is clicking on a link or opening an attachment. However, hackers can also ask you to wire money or forward confidential information.
  • If you follow the action you experience financial loss, data loss or identify theft.

Before you click on a link or open an attachment:
  • Give the email 100% of your attention
  • Read the email on a large screen
  • If you know the sender or they are a affiliated with MRU, contact them by phone to verify that they have sent the email
  • If you know the organization, visit their website using a bookmark or Google search result
  • If you do not know the sender, the organization or they are not affiliated with MRU consider it a phishing email

If you receive an email and you are not sure what to do with it, use the Processing Emails Flowchart. However, if it is not feasible or practical to follow these guidelines, look for phishing red flags before you click on a link or open an attachment.

If you receive an email with any of these red flags, it may be a phishing email.Phishing Red Flags

  1. Do not click on any links or open any attachments. However, it is safe to read the email.
  2. If the email refers to Mount Royal or appears to be from someone in the Mount Royal community, forward it in its entirety to to let IT Services know the email needs to be blocked.
    Notes: If the email is in your Spam folder do not forward it, it has already been reported. If the email is general in nature, go to step 3.
  3. Select Report Phishing to let Google know the email needs to be blocked.

ITS Report Phishing


 Phishing training

As part of our continual efforts to protect the Mount Royal University faculty and staff from phishing attacks, all MRU employees are enrolled in a phishing training program.

At random times throughout the year a fake phishing email is sent out to random MRU faculty and staff members.
  • You are sent to a page that explains what red flags you missed and how to identify phishing emails in the future.
  • If you click on a fake phishing email a second time, the IT Training Analyst contacts you to arrange formal IT Security Awareness training.
  • If you click on a fake phishing email a third time, the IT Training Analyst performs a business process analysis to determine what additional support you require.
No. At no time will anyone besides IT Infrastructure and Security be aware of what you have clicked on.

For more information about the phishing training program contact the IT Security Training Analyst, Bernadette Pasteris at or at 403-440-6329.