Knowledgebase: IT Security
Security: Phishing Emails, Blocking Senders and Managing Junk Email
Updated: 15 July 2020 03:16 PM

What is Phishing?
What is Spoofing?
Faculty and Staff

What is Phishing?

Phishing is the fraudulent attempt to obtain sensitive information, or data, such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication.


Identifying Phishing and Malware Email

OCADU IT Services will NEVER send unsolicited requests for passwords or other personal information via email.  Messages requesting such information are fraudulent and should be deleted.

Examples of Phishing Emails are fraudulent requests for:

  • Apple ID, iCloud or iTunes Password Resets
  • Social Media Password Resets (Facebook, Twitter, LinkedIn, WhatsApp, Instagram)
  • Banking alerts 
  • Emails that appear to be from OCAD U IT Services, but lack our signature and originate from odd email addresses
  • Any unsolicited email that requests personal information from you in order to commit crime

Identifying Phishing Emails (University of Chicago IT Services)
Identifying Fraudulent Phishing Emails (
Protect Your Privacy Online (

What does a Phishing Email Look like?


Phishing Example

Telltale signs of Phishing attempts from

  • Poor Spelling and Grammar
  • Suspicious Links in email that do not resolve to the correct location:
    dodgy email links
  • Threats
  • Spoofing popular websites

Read more at, or read on below. 


What is spoofing?

Email spoofing is the creation of email messages with a forged sender address, usually with the intent to deceive the recipient into taking some action like clicking a link or downloading a file. There have been reports at OCADU of community members receiving email from a faculty member, or even the President, with an attachment containing a malicious payload. If you recognize the sender but the contents of the email look unusual - please report to:

Consider the following example:

Compare the sender’s name and the email address. Do you recognize them? Do they match?
Example: Sara Diamond <>

Look for the domain, and correct email address. In the example above, neither match, is not our domain. 

More from:

Students: Reporting Spam and Phishing in Gsuite

For any email in your Inbox, you have the option to Report Spam or Report Phishing. Use the context menu for any email to select whether you would like to report it:

Report Spam or Phishing Google

For more information, read 

Students: Managing Filters and Blocked Users

You can also manage filters and blocked users in Gmail. Click the Gear icon > select Filters and Blocked Addresses.

Or, create a search criteria, and create a filter from the search criteria:


Faculty and Staff: Controlling Junk Email in Microsoft Office Outlook 2016 for Mac, Windows, Office 365

You can choose to Mark as Junk or Block Sender in Outlook for Mac 2016: this communicates your preferences directly to Office 365.

1. Select the email, right-click (or control-click) and select Mark as Junk or Block Sender


Use Junk Mail > Mark as Junk or Block Sender

Controlling Junk Email and Blocked in Office 365 Outlook Web Access

1. While logged in to  go to the Settings > Accounts > Block or allow

Outlook Web Access Junk Filters


You can also share your Junk email reports automatically with Microsoft by selecting Mail > Automatic Processing > Junk Email reporting

Outlook Web Access Junk Filters


2. Select Automatically filter junk e-mail.

3. Modify your safe and blocked senders list. 


Controlling Junk Email and Blocked Senders in Apple Mail

While Apple Mail does have it's own junk email filter, it does not communicate with Microsoft, and therefore the settings in Outlook Web Access work independently of the junk email filter in Apple Mail. You can set the Trust junk mail headers set by my Internet service provider preference in Mail > Preferences and it will follow the spam rules set by Microsoft Exchange.