Don't Get Hooked by this Parking Services Phishing Scam

Did you get an email saying you have a parking citation? It may be a scam.

26 September 2019

A Parking Services phishing scam has been making its way through the UAlberta community. It may seem legitimate at first glance, but a closer look reveals the phish lurking below the surface. Here's what you need to know to stay safe and protect your personal data.

The Scam

Several university employees have reported receiving an email from what appears to be Parking Services. The email informs them that they have a parking citation that must be paid, and in order to do so, the employee must download the attached document (which doesn't exist) or click a link.

Upon clicking the link, the employee is taken to a scam website designed to look like a UAlberta site. Once there, the scam website prompts the university employee to enter their credentials in order to pay off the alleged citation. Unfortunately, that's how the phishers can compromise your personal data.

What to Look For

Below is a sample of the Parking Services phishing email currently circulating the university:

Parking Services phishing email example

While this email may seem legitimate at first glance, there are a few red flags that give it away:

  1. The sender's email address: The phishers are sending this email from a variety of phony email addresses. Even if the address looks legitimate (like in the sample above), verify the sender's email address by hovering over the display name and ensuring that the correct UAlberta email address and business card appear.

  2. The link: The link the phishers ask you to click is not the actual URL for Parking Services or Bear Tracks. No UAlberta website would contain .xyz/ualberta.ca in its URL.

  3. The non-specifics: If you had actually received a parking citation, you would have a physical ticket with a citation number. Nowhere in this email is there a citation number that you could confirm with Parking Services.

What to Do

If you receive this phishing email, do not reply and do not click the link. As long as you don't give up any personal information, this phishing attempt will remain just that: an attempt. Always think before you click, and continue to practice good password management.

If you want to double check the status of your parking account, go directly to the source. Call or email Parking Services, or visit their actual website at /parking-services to check citations or log in to your account.

If you have already received this email and clicked on the link, follow these steps:

  1. Reset your CCID password immediately. Go to https://ist.ualberta.ca/services/ccid-passwords and then select CCID Password Change > Change Password.

  2. Review your Google Drive, Gmail, and Bear Tracks for any suspicious activity. You can see instructions for reviewing your latest Gmail account activity at https://support.google.com/mail/answer/45938?hl=en

  3. If you are a PeopleSoft administrator for your area, please review your latest transactions therein.

  4. If you clicked on the link, and especially if you logged in with your CCID credentials, please contact IST at ist@ualberta.ca or phone 780-492-9400.

  5. If you have any other questions or concerns, contact IST via the information above.

If you are suspicious that you or someone you know may be subject to identify theft or fraud, you can learn more about how to protect yourself from the RCMP.

The Office of the Chief Information Security Officer (CISO) is dedicated to keeping you and the rest of the university safe from cybercrime. You can find more information on phishing and what you need to watch out for from the CISO's phishing article.