Phishing scam: "Library Account Expiration"


Published: 20Jun2018

There is currently a phishing scam targeting the McGill community about library accounts expiring soon. The email invites users to click on a link to "reactivate their account". View an example of the message below. 

McGill's information security team has prevented the attack from reaching most McGill inboxes, and the fraudulent link has been blocked from the McGIll network; however, it is still active from outside our network.

Please DO NOT click on the link or reply to the message. Delete this email immediately! It does NOT come from a McGill source.

This email is a fraudulent attempt to gain access to your personal information. If you have already clicked on the link in this email and submitted any personal information, you should change your McGill Password as soon as possible. See the McGill Password Reset Checklist for instructions.

If you have received a phishing email or suspect that you have, please itsupport [at] (contact the IT Service Desk) immediately to report the phishing attempt.

Quick links:

Example of this phishing message:

Dear Staff/Student

Your access to your library account is expiring soon due to inactivity. To continue to have access to the library services, you must reactivate your account. For this purpose, click the web address below or copy and paste it into your web browser. A successful login will activate your account and you will be redirected to your library profile.

My Library Account [FRAUDULENT LINK]

If you are not able to login, please contact Ruth Jenkins at r.enkins [at] for immediate assistance.

If you have any questions please check with the library in question from the following list:

You can view the library's fines policies at