Cybersecurity Blog

If it seems too good to be true, it is – 03/20/19

Everyone likes a good deal.  So when one of our analysts found a 2014 Jeep Wrangler Rubicon with less than 50000 km on Autotrader for $11500, his heart skipped a beat. This vehicle was loaded with aftermarket goodies and usually goes for four times the price.  Check her out, she is a beauty!!

 

 

He hoped with all his heart that this was the real deal. However, with the price being so low, his scam detector was running at full power. He contacted the seller and discovered that the vehicle belonged to her father, who had just passed away. She knew nothing about jeeps and just wanted to get rid of it. Hmmm, that sounded plausible. He investigated further.

The seller informed him that if he wanted to purchase the jeep he would have to do it through WTC, otherwise known as Wiozacars Trading Corporation. Our analyst did some research and found that it was an escrow company with tons of good reviews from various sources going back several years. Oddly enough, there wasn’t one link in the three pages of search results to the company’s website. Maybe it didn’t have one. This might be legit after all.

Our analyst informed the seller that he was interested but didn’t know anything about WTC and asked for more information. The seller sent him detailed instructions on how to complete the transaction along with a link to the WTC website. That is when things started to fall apart. If the company had a website, why didn’t a Google search find it? He clicked the link the seller provided and found a beautiful, professional-looking, fully functional website.

He decided to call their bluff and asked if his wife could look at the vehicle. Never mind that he was in Calgary and the vehicle was in Quebec. By now he was certain it was a scam; however, he wanted to see what the sellers would do. Sure enough, after his request all communication stopped and the ad was removed from Autotrader. Scam confirmed.

No matter how badly you want to believe that once-in-a-lifetime deal is the real thing, take the time to do your research. If their website doesn’t come up in a Google search or they are asking to use an unknown third party to do the transaction, walk away.

 

Must Read – MRU inboxes receive malicious Google Drive file share – 03/20/19

Another day, another clever criminal trying to break into our network. This time they tried using Google Drive to do it. Tuesday morning several employees found this in their inbox.

 

 

The Word Doc link is totally legit.  If you click the link, it takes you to this document.

 

 

Clicking the link in the Word document takes you to a legitimate website that has been compromised. The site asks you to log in to Office 365 to access the document. Of course, if you do, you are giving some miscreant your Office 365 login credentials. They can then sell your credentials on the dark web or use them themselves to wreak havoc on your data as well as the data of others. Fun, Fun, Fun.

Because the Google Drive file share and the website are legitimate, they won’t be flagged by anti-virus or the firewall. It is actually very clever. However, although it may get past the technology, a person can easily spot this as malicious. In fact, we had two different reports sent to abuse@mtroyal.ca about this one. Way to go MRU!!

For those of you who aren’t already yelling at the screen, “Come on, that is so obvious”, I am going to walk you through the red flags. The first is that the email was sent by Benjamin Kuiper from the email address benkuiper3000@gmail.com. Clearly not a Mount Royal email and he is not listed in the directory. Fail number one.

Second, the doc says it was being shared by Benjamin and David Hyttenrauch. This doc was sent to people on David’s team so even though they didn’t know who Ben was, they sure as heck knew who David was. This got the desired attention. However, you can’t send an invite to share one file from two people. Clearly, this Word doc was shared by Benjamin and the sneaky dude entered the rest of the deceiving information into the “Add a note” field in the “Share with others” dialog box to make it look like Dave was involved. Fail number two.

Third, when you open the document it tells you that you have a file waiting for you on OneDrive. OneDrive file shares are not sent with links in Word documents. Fail number three.

Lastly, if you were to hover over the link in the Word document you would see that it does not go to OneDrive. Fail number four.
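The same four red flags can be checked mechanically when triaging a reported message. The sketch below is an added example, not part of the original post; the staff list, the OneDrive host allow-list, the recipient address, the subject line and the compromised-site.example link are constructed assumptions.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

ORG_DOMAIN = "mtroyal.ca"  # organisation domain, as in the abuse@ address above
# Assumption: hosts a genuine OneDrive link would use (illustrative, not exhaustive).
BRAND_HOSTS = {"onedrive": ("onedrive.live.com", "1drv.ms", "sharepoint.com")}

# Constructed samples modelled on the message and document described in the post.
SAMPLE_EMAIL = (
    "From: Benjamin Kuiper <benkuiper3000@gmail.com>\n"
    "To: recipient@mtroyal.ca\n"
    "Subject: Document shared with you\n\n"
    "Benjamin Kuiper and David Hyttenrauch shared a file with you.\n"
)
SAMPLE_DOC = ('<p>You have a file waiting on OneDrive. '
              '<a href="https://compromised-site.example/login">Open in OneDrive</a></p>')
STAFF = ["David Hyttenrauch"]  # stand-in for a lookup against the staff directory

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_matches(host, allowed):
    """True if host equals, or is a subdomain of, one of the allowed names."""
    host = (host or "").lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed)

def link_flags(html):
    """Flags three and four: a link presented as OneDrive that goes elsewhere."""
    collector = LinkCollector()
    collector.feed(html)
    flags = []
    for text, href in collector.links:
        host = urlsplit(href).hostname
        for brand, allowed in BRAND_HOSTS.items():
            if brand in text.lower() and not host_matches(host, allowed):
                flags.append(f"link text says {brand} but goes to {host}")
    return flags

def email_flags(raw, staff):
    """Flags one and two: outside sender, and a share note naming a colleague."""
    msg = message_from_string(raw, policy=policy.default)
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if host_matches(domain, (ORG_DOMAIN,)):
        return []
    flags = [f"sender domain {domain} is not {ORG_DOMAIN}"]
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content().lower() if part else ""
    named = [n for n in staff if n.lower() in body]
    if named:
        flags.append("external share names internal staff: " + ", ".join(named))
    return flags

if __name__ == "__main__":
    for flag in email_flags(SAMPLE_EMAIL, STAFF) + link_flags(SAMPLE_DOC):
        print("RED FLAG:", flag)
```

Checks like these only narrow down what a person should look at; the share itself still arrives from a legitimate Google Drive address, which is why it passed the automated filters in the first place.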

As clever as criminals are, most of them can be stopped by alert employees who take the time to look at emails with links and attachments critically.  As we have seen in this example, the majority of the time phishing emails contain clear clues that something is not right. Don’t get caught up in the emotion of the moment. Like our wonderful employees, take the time to really look and make sure that the email is what it appears to be. Your data, your colleagues and your IT department will thank you.

 

 

 

Your legitimate Android app may contain malware – 03/14/19

 

 

When developers create apps, they often include advertising in exchange for using the app for free. To make their lives easier, they will often use a software development kit (SDK). This is a bunch of code designed to deliver ads that is created by another developer. Using an SDK can save developers tons of time so they can focus on the unique features of their app instead of reinventing the wheel.

Unfortunately, one developer decided to add some special features to the SDK they created. The features turned the innocent adware into malware by hiding the app icon, sending users to specific web pages and opening the Play Store to specific apps. In other words, it made legitimate apps annoying as heck to use and difficult to get rid of. It also allowed the criminals to download apps behind the user’s back, making the legitimate apps dangerous as well.

This SDK was used in hundreds of apps, allowing the criminals to spread their malware throughout the Play Store and affecting almost 150 million users.

Affected apps

Snow Heavy Excavator Simulator
Hoverboard Racing
Real Tractor Farming Simulator
Ambulance Rescue Driving
Heavy Mountain Bus Simulator 2018
Fire Truck Emergency Driver
Farming Tractor Real Harvest Simulator
Car Parking Challenge
Speed Boat Jet Ski Racing
Water Surfing Car Stunt
Offroad Wood Transport Truck Driver 2018
Volumen booster & Equalizer
Prado Parking Adventure
Oil Tanker Transport Truck Driver
Monster Truck Demolition
Hummer taxi limo simulator
Excavator Wrecking Ball Demolition Simulator
Offroad Gold Transport Truck Driver 2018
Sea Animals Truck Transport Simulator
Water Surfing Motorbike Stunt
Police Chase
Police Plane Transporter
Ambulance Driver Extreme Rescue
Hovercraft Racer
Cars Transport Truck Driver 2018
Motorbike Pizza Delivery
Heavy Excavator – Stone Cutter Simulator
Bottle shoot archery
Offroad buggy car racing
Garbage Truck – City trash cleaning simulator
Tanks Attack
Dinosaur Park – Train Rescue
Pirate Ship Boat Racing 3D
Flying taxi simulator
Jetpack Water
Volumen Booster
Animal Farming Simulator
Monster Truck
Offroad jeep car racing
Flying Car Stunts On Extreme Tracks
Tractor Farming 2018
Impossible Farming Transport Simulator
Volumen Booster
Mustang Rally Championship
Deleted Photo Recovery
Speed Boat Racing
Super Cycle Jungle Rider
My name on Live Wallpaper
Magical Unicorn Dash
Super Cycle Jungle Rider
Love Caller Screen
Racing Car Stunts On Impossible Tracks
Racing Car Stunts On Impossible Tracks 2
Urban Limo Taxi Simulator
Tractor Farming Simulator
Camper Van Driving
Bottle Shoot Sniper 3D
Full Screen Incoming Call
Beard mustache hairstyle changer Editor
Volumen Booster
girlfriend photo editor
Mobile Number Tracker & Locator
Garden Photo Editor
Fortune Wheel
Farming Transport Simulator 2018
OffRoad Tractor Transport
my name on live wallpaper
Flying Ambulance Emergency Rescue
Mustang Driving Car Race
Waterpark Car Racing
Impossible Tracks – Extreme Trucks
Flying Motorbike Stunts
Fire Truck Emergency Rescue – Driving Simulator
Heavy Snow Excavator Snowplow Simulator
Water Skiing
Women Make Up and Hairstyle Photo Maker
Mountain Bus Simulator
Van Pizza
Truck Transport and Parking Simulator
Hoverboard Racing Spider Attack
Motorsport Race Championship
Demolition Derby
Love Caller with love ringtones
House Transport Truck – Moving Van Simulator
Heavy Excavator Stone Driller Simulator
Super Cycle Downhill Rider
Extreme Rally Championship
Missile Attack Army Truck
Caller Location & Mobile Location Tracker
Mobile number locator
My name on Live Wallpaper
City Metro Bus Pk Driver Simulator 2017
Full Screen Incoming Call
Man Casual Shirt Photo Suit
American muscle car race
Offroad Nuclear Waste Transport – Truck Driver
Mad Cars Fury Racing
High Wheeler Speed Race
Number Coloring
Camper Van Race Driving Simulator 2018
Unicorn Float – Speed Race
Dual Screen Browser
Harvest Timber Simulator
Hot Micro Racers
Lara Unicorn Dash
Wingsuit Simulator
Food Truck Driving Simulator
Dog Race Simulator
SUV car – parking simulator
Phone Finder
Phone number locator
Gallery Lock
Secret screen recorder
Face Beauty Makeup
Christmas letters to santa and three wise man
Deleted Files recovery
Dual Screen Browser
Broken Screen – Cracked Screen
Garden Photo Editor
Modi Photo Frame 2
Love Caller Screen
Anti Theft & Full Battery Alarm
Love Caller Screen 2
Voice reading for SMS. Whatsapp & text sms
Name on Pic-Name art
Speed Boat Racing
Train Driving Simulator
Super Cycle Rider
Racing Horse Championship 3D
Move App To SD Card 2016
Pop Toy Creator
Photo Live Wallpaper
Magical Unicorn Dash
Truck Wheel of Death
Live Translator
Volume Control Widget
World cup 2018 football shirt maker
Girlfriend Photo Editor 2
My Photo on Music Player
taxi
Garden Photo Editor
Fortune Wheel Deluxe
Extreme Motorcycle Racer
Offroad Snow Bike – Christmas Racing
Bottle Shoot
Photo Background Changer 2017
Offroad Christmas Tree Transport
Tank Transport Army Truck
Flag face paint: World Cup 2018
World Cup 2018 Teams Flags Live Wallpaper
Selfie Camera
Missile Attack Army Truck
Max Player
Flash Alert – Flash on Call
Photo Video Maker with Music
Brain Games & IQ Test
Audio Video Mixer
Pop Toy Creator 2
Flash on Call and SMS
Heart Photo Frames
Shayari 2017
Photo on Birthday Cake
Nature Photo Frames
Calendar 2018 Photo Frame
Christmas Truck Transport Simulator
Modern Santa – Christmas van drive
Change your voice
Moster vs Water
EDIT Flowers Photo Frames
Photo Video Maker with Music
Toilet Paper Race
Dog Crazy Race Simulator
Luxury Photo Frame
Bike Wheel of Death
World Famous Photo Frames
Heavy Snow Excavator Christmas Rescue
Deleted Files Recovery
Football Results & Stats Analyzer
3D Photo Frame Cube Live Wallpaper
Green Hill PhotoFrame
Christmas Magic Board
Animal Parts Photo Editor
DSLR Camera Blur
Car Photo Frame
Hands Slap Game
4D Maa Durga Live Wallpaper
Men Sweatshirt Photo Editor
Connect Letters. Words Game
Recover Deleted Pictures
Custom Radio Alarm Clock
Anti-spam Calls
Compatibility Test
Dual Screen Browser
Magic Glow Live Wallpaper
Porgy Virtual Pet
Tap the Ball
Clock Live Wallpaper
Royale Stats
Fire text photo frame
Christmas greetings card
Best App Lock
DJ Photo Frames
Auto Call redial
Guess the picture
ProfesionalRecorder

If you have one of these apps on your phone, you should uninstall it. If you are unable to locate the icon, you may have to do a factory reset to remove it.

Sources:

https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/

https://www.zdnet.com/article/almost-150-million-users-impacted-by-new-simbad-android-adware/?ftag=TRE-03-10aaa6b&bhid=28055350847712972261944156227810

 

Don’t want to rely on a phone for 2FA? Use a security key – 03/11/19

 

 

A security key is a small plastic fob that you carry with you or leave plugged into your computer. It replaces your phone as the second factor in two-factor authentication (2FA). The keys can be used with most accounts that offer 2FA and some can be used to log in to your Mac or PC. Each key has its own advantages and disadvantages; however, the most popular keys available in Canada are made by Yubico. While there are other manufacturers out there, Yubico’s keys work with more accounts than any other.

They offer a variety of models, each one with its own set of features. Some stay plugged into your computer. Others you carry on your key chain. Some you can use with mobile devices while others are just for computer use. It can get a bit confusing trying to determine which key is the best fit for you; however, their website does have a quick quiz that can help.

Their most popular and least expensive model is the Security Key. At only $20 US it does everything the average home user needs a security key to do. The only thing it is missing is NFC capability. In fact it is so popular it is currently out of stock.  The good news is they have decided to offer their upgraded key with NFC capability for the same low price.

The key is super easy to set up. Just log in to your account and find the 2FA settings. Select security key as your second factor, insert the key and push the button. Voila, the key is set up for the account. When you want to log in, you insert your key into your USB port and push the button or tap the key to the back of your NFC-enabled phone.

No fussing with verification codes or phone prompts. You do, however, have to keep your key with you. As with any other 2FA method, it is a good idea to have a backup plan should something happen to the key. It is recommended that you purchase a second one in case the first one is lost. The good news is buying two will only set you back $36 US.

The key is waterproof and super durable so it will survive being tossed around on your key chain. It is also nice and flat so it hangs easily with your other keys. Here are just some of the accounts that it works with.

  • 1Password
  • Blogger
  • Dashlane
  • Digidentity
  • Docusign
  • Dropbox
  • EA
  • Epic Games
  • Eve Online
  • Facebook
  • Google
  • Instagram
  • KeePass
  • Kickstarter
  • LastPass
  • LogonBox
  • MailChimp
  • macOS
  • Microsoft
  • Nintendo
  • PassPack
  • Reddit
  • Trello
  • Twitter
  • WordPress
  • YouTube

For a complete list of accounts that use Yubico’s Security Key, visit their website. If you are serious about using 2FA and don’t want to use your phone, a security key is really the only way to go.

 

 

 

Enabling 2FA on LinkedIn – 03/07/19

 

 

Two-factor authentication (2FA) and its cousin two-step verification (2SV) ensure that your account stays secure even if your password is compromised. Not all account providers offer 2FA or 2SV; however, LinkedIn does.

To enable 2SV on your LinkedIn account you must first add your phone number to your LinkedIn profile. To add your phone number to LinkedIn:

  1. Login to LinkedIn.
  2. Click your photo. A menu drops down.
  3. Select Settings & Privacy.
  4. Click the Account tab.
  5. Under Login and security, select Phone numbers.
  6. Select Add phone number.
  7. Select Canada from the drop down list.
  8. Enter your phone number into the text box.
  9. Click Send code. A dialog box appears asking for your password.
  10. Enter your password.
  11. Press ENTER on your keyboard. The verification code is sent to your phone.
  12. Enter the verification code into the text box on your computer.
  13. Click Verify.

To enable two-step verification on LinkedIn:

  1. Login to LinkedIn.
  2. Click your photo. A menu drops down.
  3. Select Settings & Privacy.
  4. Click the Account tab.
  5. Select Two-step verification. You may have to scroll down to find it.
  6. Click Turn on. A dialog box appears asking for your password.
  7. Enter your password.
  8. Press ENTER on your keyboard. The verification code is sent to your phone.
  9. Enter the verification code into the text box on your computer.
  10. Click Verify.

Please note that although I have provided step-by-step instructions, account providers are constantly changing their privacy settings, features and procedures. They like to keep us on our toes. They certainly don’t want us to start feeling comfortable using their tool. That might lead us to believe we are in control of our own privacy and security, and that would never do. Am I sounding bitter? So sorry, that won’t do either. Let’s reset. Please check LinkedIn’s help files for the most accurate and up-to-date instructions on how to enable 2SV as these instructions may become obsolete before they are even published. Sorry, I tried to reset. I couldn’t do it. Happy enabling!

 

Latest Netflix phishing email showing up in Mount Royal inboxes – 03/08/19

Another day, another Netflix phishing email making the rounds. This one is finding its way into Mount Royal inboxes. It’s very, very convincing. At first glance it looks legit. However, when you take a closer look, the grammar gives it away. Someone went to a lot of work to get this right; you almost feel sorry for them that they blew it with a grammatical error. Take a look for yourself.

 

 

If it wasn’t for the grammatical error, you would think this is legit. It has a plausible sender email address and they have the nice little Terms of Use link on the bottom with the privacy statement. If you were distracted, in a hurry or trying to read this on your phone, you would likely click.

This is a friendly reminder that when you see a link or attachment in an email, that is your cue to stop what you are doing and give that email 100% of your attention. If you cannot, mark it unread and return to it later when you have the time to properly examine it.

 

Must Read – How to print sensitive documents on public printers – 03/07/19

Just don’t. Okay, I admit I am being rather unreasonable. However, if you have any other alternative to printing tax receipts, pay stubs, benefits statements and the like, please use it. We are human beings after all and we get distracted. On a regular basis our techs pick up abandoned print jobs with sensitive information that should not be on public display. Here is the latest one.

With the tax season in full swing, we are seeing a lot of these types of documents left abandoned by their owners. If you have no means of printing sensitive documents other than public printers, please take the following precautions:

  1. Check twice to ensure you are sending the print job to the correct printer.
  2. Be standing by the printer as the document is being printed.
  3. If the document does not print, assume you have sent it to the wrong printer and immediately look for it. Do not attempt to print the document again until you are 100% sure it has not been sent to another printer.

Taking these simple, inconvenient steps will help prevent miscreants from using your student number, SIN or other personal information for their gain and your misfortune. It will also keep how much you earn from being the latest water cooler gossip.

 

Why enabling two-factor authentication is more important now than ever – 02/28/19

 

 

Two-factor authentication (2FA) and its cousin, two-step verification, are available on a variety of accounts such as Google, Facebook, LinkedIn, Yahoo, Twitter and Instagram. When it is enabled, after you successfully enter your password on a strange computer you are asked to respond to a prompt or enter a verification code sent to your phone. This ensures that even if your password is compromised, your account will stay secure. That is unless the criminal has your phone as well.

If that is the case, you are having one heck of a day and require support that is outside the scope of this article. I hope your phone is password protected and I wish you good luck. I digress. Back to why enabling 2FA has become so important.

Last month we saw enormous lists of login credentials pop up on the dark web. While previously miscreants had to purchase this valuable information, these large collections of usernames and passwords are now available for free. Aspiring Kevin Mitnicks the world over can now try their hand at cybercrime, no upfront credential purchase needed.

As a result, we have seen a big jump in credential stuffing attacks, some of them on home security cameras with terrifying results. Ideally you should have a unique password for each account. However, if this particular habit has not yet been entrenched, two-factor authentication will save your bacon.

Although registering your email on Have I Been Pwned will let you know if your password has been compromised, it takes time before a data breach shows up on their radar. With 2FA, as soon as you receive a verification code or prompt on your phone that you did not request, you know someone has stolen your password. This early warning system allows you to change the passwords on your accounts that don’t have 2FA before any damage is done.

Hopefully I have convinced you that two-factor authentication is no longer something that is nice to have, but is essential to securing your data. The next question is, “How do I start using it?” Thankfully, there is this really great quick reference guide that walks you through the steps on how to enable 2FA on your Mount Royal email account. And yes, I wrote it…that’s why it’s really great. If you have any questions or need some help with the process, please feel free to contact me.

You can also come down to Main Street on March 13, April 10 or May 7. I will be there with my prize wheel. If you talk to me about two-factor authentication, you can spin and win.

 

Must Read – The MRU impersonators are ramping things up – 02/28/19

 

Phishing emails that appear to come from Mount Royal University supervisors are making their appearance again. This time they are throwing in the whole “I am going into a meeting with limited phone calls, so just reply to my email” nonsense to try and keep you from calling the person directly to verify the legitimacy of the email.

Thankfully they are still using lame sender email addresses, so they are pretty easy to spot if you take the time to look. However, they have started to use a new tactic that is concerning. They have somehow gotten hold of cell phone numbers and are now texting Mount Royal employees asking them to contact the texter immediately as they have a task for them. The messages appear to come from the employee’s supervisor.

How do you protect yourself from social engineering via text message?

  1. Don’t click on links in text messages
  2. Be suspicious of requests that are outside of regular procedures or processes
  3. Don’t give out information that the person you are talking to should already have

A good rule of thumb is, if it doesn’t feel right it probably isn’t.  If you get a strange request from your supervisor, politely let them know you will get right back to them and hang up. Then contact them using an email or phone number that you know is legitimate.

 

Fake Norton Security scam loading malware onto computers – 02/19/19

 

 

Norton is reporting there is a new tech support scam that is impersonating their antivirus software. This is how it works: after visiting a compromised or malicious website, users see a dialog box pop up titled Windows Alert. It warns the user that their PC may be infected and asks if they want a 10 second quick scan performed.

Once the user clicks OK in the dialog box, several new windows that look a lot like a Norton security scan start popping up. Of course the scan appears to find a virus and then asks you to download and install an antivirus update. If you proceed with their request, an annoying piece of malware is downloaded onto your machine. Nasty business indeed!

Unfortunately, Norton is not the only piece of software the scammers are impersonating. These creative criminals have also been impersonating Microsoft 360, prompting users to download driver updates.

The good news is, with a little knowledge you can protect yourself from these types of scams.

What you need to know:

  • Files cannot be scanned for viruses using a website running inside a browser. Only an application running outside of a browser can perform virus scans.
  • You will not get virus scans from applications that are not installed on your computer. Your workstation does not have Norton antivirus installed on it.
  • Drivers are automatically updated on your workstation. You will never be prompted to update them manually.
  • Closing a suspicious dialog box can download malware onto your machine. Close the entire browser window instead.

If you are at home and get a dialog box alerting you of a possible virus infection:

  1. Close the browser window.
  2. Open your antivirus application.
  3. Run a virus scan.

If you get a virus warning on your workstation:

  1. Don’t click on anything and leave your machine on.
  2. Disconnect from the network.
  3. Call the IT Service Desk at 403-440-6000.

If you get prompted to update an application:

  1. Close the browser window.
  2. Open the application that needs updating.
  3. Select Check for updates from the Help menu.

If in doubt, please call the IT Service Desk. They are always happy to help.