Body
Wait, That Was a Test!
You clicked a simulated phishing link as part of our Security Awareness Program. Let us learn how to spot these in the future.
Do not worry! This was only a simulation. Nothing bad happened and you do not need to change your password. We are here to help you learn, not to punish.
Let Us Break Down This DocuSign Phishing Email
| External Email:
This email was sent from outside VIU. Treat links and attachments with extra caution.
|
Red Flag #1: External Email Warning
This email came from outside VIU. If a colleague or department was sending you a real DocuSign, it would come from an internal @viu.ca address without this banner.
|
You've received a completed document that requires immediate action.
REVIEW DOCUMENTS! |
Red Flag #2: Urgency and Pressure Tactics
"Requires immediate action" is a classic phishing trick. Attackers want you to click before you think. Legitimate requests rarely demand instant action.
Red Flag #3: Suspicious Button
Always hover over buttons before clicking. Real DocuSign links go to docusign.net or docusign.com. This link went somewhere else entirely.
|
Please review and sign. Document can only be viewed by your.email@viu.ca
Do Not Share This Email
This email contains a confidential link. Please ensure that neither the message, link, nor access code is shared with others.
|
Red Flag #4: No Sender or Document Details
Who sent this document? What is it about? Real DocuSign emails always include the sender's name and a description of what you are signing. This email has none of that.
|
About DocuSign
The content of this email is confidential and intended for the recipient specified in message only. It is strictly forbidden to share any part of this message with any third party, without a written consent of the sender.
The information contained in this transmittal is privileged and confidential and may contain Protected Health Information. It is intended only for the use of the individual or entity named above. If you are not the intended recipient be advised that any unauthorized use, disclosure, copying, distribution or the taking of any action in reliance on the contents of this information is strictly prohibited. If you have received this transmittal in error, please immediately notify the sender via telephone at 980-317-3440.
|
Red Flag #5: Excessive Legal and Confidentiality Text
Phishing emails often include walls of legal-sounding text to appear legitimate. This one even mentions "Protected Health Information," a random detail that does not apply to VIU.
What Is the #1 Thing I Could Do
The #1 thing you can do is treat your Inbox(es) like a school zone. Slow down when reading and acting on email.
We are all used to driving 10 km/hr over the speed limit on the highway. That behaviour can translate into our work. We are all super busy, and our attention is split. It is easy to be on autopilot without taking a moment to pause and think about what we are doing. However, I suspect none of us speed in a school zone. We slow down because of the heightened risk and greater impact of making a mistake on that stretch of road.
Email is the highest risk area of your job for being exploited and manipulating you into granting access to or sharing sensitive information.
What Should You Do Next Time?
Tips for identifying legitimate DocuSign emails:
- Hover over links. Real DocuSign URLs contain
docusign.net or docusign.com
- Check the sender. Legitimate DocuSign emails come from @docusign.net or @docusign.com
- Ask yourself: Was I expecting this? Do I know the sender?
- Verify separately. Contact the supposed sender through another channel
- Report it. Use the Report button in Outlook for suspicious emails
- When in doubt, contact IT. We are here to help!