October is Cybersecurity Awareness Month, a time for University of Ottawa students to brush up on how to stay safe and vigilant in the digital world. You’re busy juggling classes, work and your social life, so you may be less alert to online threats — and cybercriminals are seeking to exploit that.

“The University is inundated by upwards of 70,000 phishing and spam emails per month,” says Mathieu Bertrand, uOttawa’s chief information security officer. “Some are so sophisticated they can bypass security filters. Every term, a small but significant number of students are victimized by cybercrime — sometimes for hundreds or, occasionally, thousands of dollars. We’ve strengthened our defences, including a major upgrade to our anti-phishing and spam protections, but the most effective defence is our community and their capability to spot scams before they can harm you or someone you care about.”

Here are the top scams targeting students, and some tips to stay safe.

1. Job offer phishing

The threat: You receive an email or DM with a lucrative, too-good-to-be-true opportunity for a part-time job, research position or remote-only job. The message asks you to provide personal details or complete an attached “contract.”

The defence: Always verify the opportunity with the department that posted it or with a known contact person. For uOttawa positions, only share details through trusted applications like the Work-Study Navigator. Don’t send your SIN, banking information or signed documents until you’ve confirmed the source of the job posting or offer.

2. Late tuition fee email scams

The threat: An urgent message claims your tuition is overdue and includes a “pay now” link or an address for sending e-transfers. The message may warn of penalties for late payment.

The defence: Don’t follow links or transfer money via email. Instead, log into uoZone by entering the URL (uozone2.uOttawa.ca) directly in your browser, and then check your Statement of account. Or you could contact InfoService to confirm any charges.

3. Malicious QR codes

The threat: A fake QR code appears on a poster, in an email or on social media. QR codes make sharing links easy, but scammers can use them to direct you to fake websites, download malware or gain access to your device.

The defence: Preview the URL before scanning the code, only use codes from trusted sources and never enter your credentials on a site accessed through an unfamiliar QR code. If you’re unsure whether a code is genuine, search for the information online.

4. Overdue rent and landlord scams

The threat: A person posing as your landlord, property management company or roommate pressures you to pay rent immediately via an e-transfer, app or unfamiliar link.

The defence: Always confirm payment details in person or by calling a previously verified phone number. Treat any new account or payment method as suspicious until you’ve verified it using your normal methods of contact.

5. Mysterious links and attachments

The threat: You receive an email with an unexpected attachment, URL or shortened link. These links and attachments can carry malware or steal your credentials.

The defence: If you weren’t expecting a file, contact the sender directly (not by replying to the email), scan attachments with antivirus software and hover over links to preview the destination before following them.

6. Impersonated professors asking for gift cards

The threat: A scammer posing as a professor or TA asks you to buy a gift card urgently.

The defence: Faculty members almost never request gift cards. Confirm the request with the professor directly, and don’t send any sensitive information.

7. Spoofed email accounts

The threat: A scammer disguises their email to look like a legitimate uOttawa address so they can exploit your trust.

The defence: Always check the sender’s full address — for example, john.jones@uOttawa.ca is legitimate, while john.jones@u0ttawa.ca (with a zero replacing the “O”) is fake. Look for subtle hints such as the external email warning, logos that look off or other signs of phishing. When in doubt, confirm the message through Brightspace, your faculty office or a phone call.
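
The full-address check from item 7 can also be automated. The sketch below is an added example, not part of the original article or any uOttawa tooling; the substitution map, the one-edit threshold and every sample address other than the two quoted above are assumptions constructed for illustration.

```python
from email.utils import parseaddr

TRUSTED = "uottawa.ca"  # the legitimate domain in the article's example

# Constructed, deliberately small map of look-alike substitutions (assumption).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(domain: str) -> str:
    """Fold look-alike characters so u0ttawa.ca and uottawa.ca compare equal."""
    folded = domain.lower().translate(CONFUSABLES)
    return folded.replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch a dropped, added or swapped letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, trusted: str = TRUSTED) -> str:
    """Return 'trusted', 'lookalike', 'external' or 'invalid' for a From value."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "invalid"
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    if domain == trusted or domain.endswith("." + trusted):
        return "trusted"
    labels = domain.split(".")
    width = trusted.count(".") + 1
    # Compare both ends of the name: the registrable tail, and the trusted
    # name used as a misleading prefix (uottawa.ca.example.net).
    for candidate in (".".join(labels[-width:]), ".".join(labels[:width])):
        if edit_distance(skeleton(candidate), skeleton(trusted)) <= 1:
            return "lookalike"
    return "external"
```

A sender can also forge the exact trusted domain in the From line, so this check complements the other warning signs listed above and does not replace them.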

Protect yourself: Stop, think and check

When you get unexpected or unsolicited messages, take a mindful pause: stop, think and check. Ask yourself these questions:

  • Does this request make sense?
  • Why would the sender need me to do this?
  • Is the sender requesting private information, like passwords or sensitive data?
  • Is the message unexpected or pressuring me to act quickly?

Cybersecurity starts with awareness. Trust your instincts, and rely on family and friends to help you if something feels off. Digital defence starts with you!
