Phishing scam: "Corporate eFax message from "Unknown..."


Recurrence reported November 15, 2017
This same phishing email was reported to the IT Service Desk again. See description below.

Original announcement posted September 28, 2017
There is a phishing email circulating at McGill from eFax Corporation. The email states you have received a fax and prompts you to click on a fraudulent link to view the message. Click on the image to the left to view a larger screenshot. See an example of this phishing message below.

Please DO NOT click on the link or reply to the message. Delete this email immediately! It does NOT come from a McGill source.

This email is a fraudulent attempt to gain access to your personal information. If you have already clicked on the link in this email and submitted any personal information, you should change your McGill Password as soon as possible. See the McGill Password Reset Checklist for instructions.

Tip when sharing documents:

Include a brief, but specific message about the document and context. When receiving shared documents, look for a message that is specific -- don't just open documents shared with the generic message from the document sharing application.

Example of this phishing message:

From: eFax Corporate
Sent: Thursday, September 28, 2017
To:<valid McGill email address>
Subject: (PMX: 8): Corporate eFax message from "Unknown" - 5 page(s), Caller-ID: 418-548-0846

Fax message [Caller-ID: 418-548-0846]

You have received a 5 page fax at 9/28/2017 10:11:06 AM.

The reference number for this fax is <FRAUDULENT LINK>

Click on <FRAUDULENT LINK> to view the message

Please visit <FRAUDULENT LINK> if you have any questions regarding this message or your service. You may also e-mail our corporate support department at <FRAUDULENT LINK>.

Thank you for using the eFax Corporate service!


What to do when you receive a suspicious email

If you have received a phishing email or suspect that you have:

  1. Check the list of known IT Security Alerts
  2. If you don't see the one you received, itsupport [at] (contact the IT Service Desk) immediately to report it. Be sure to attach the suspicious message so they can verify its content.

Quick links: