Cybersecurity Blog

Fake email from Tim Rahilly arriving in spam folders – 09/18/19

 

This week the campus community is finding a particularly clever phishing email in their spam folders. It looks like this:

 

 

This is the third time our illustrious leader has been impersonated. Although this email is mostly landing in spam folders, I thought I should bring it to your attention in case it sneaks into an inbox or two.

Your on-the-ball colleague caught this one because they checked the sender’s email address. This is a gentle reminder to follow their lead. With all emails that ask you to take some sort of action, whether it is opening an attachment, clicking on a link or providing information, always check the sending email address BEFORE you read the email. If the email address is wrong, it is less likely your emotions will be triggered and rational thought will be bypassed.

If this darling arrives in your spam folder or inbox, it can safely be deleted.

 

Campuses seeing the “trusted friend” credential stealing attack – 09/06/19

 

 

With the start of the new school year, scammers and hackers galore begin targeting students once again. Usually though, it is a complete stranger who is compromising our data, not someone we trust. Welcome to 2019, when even your friends cannot be trusted not to use your credentials for their personal gain.

A Canadian university has seen a student fall victim to a Snapchat credential-stealing attack. The unfortunate student was asked by a trusted friend for their Snapchat credentials. When the student handed them over, their friend then sent messages to all of his contacts. The messages explained that he was having trouble accessing a class timetable or a library resource and asked for the contact’s username and password to their school account so they could get the information.

Shortly after, the trusted friend attempted to use the victimized student’s credentials to log in to their student account. The attempt was blocked and the account was locked down. As of the writing of this article, we are unaware if the trusted friend was sent any other credentials. However, the victimized student had to do some serious damage control with their friends on their contact list.

This is a gentle reminder not to trust anybody with your login credentials. Not your colleague, not your best friend, not your significant other nor that friend looking for help accessing information. If a friend or colleague is asking for credentials so they can access information, send them to the IT Service Desk. They will be glad to help.

 

Clever Staples phishing email showing up in MRU inboxes – 09/05/19

Classes have begun and the hackers are betting that employees across campus will be ordering supplies. They have begun sending out fake order confirmations from Staples.  These emails are extremely well done.  Take a look.

 

 

I especially like the note at the bottom that specifically asks you to reply to the email.  Just in case you are suspicious, they have given you some lovely directions that will put you in touch with them.  Very clever.

The only real tell, unless you are super familiar with the email that Staples uses for order confirmations, is the View here button URL that takes you to chainetwork.club. Definitely not Staples.

As with all other emails that come from organizations that you are familiar with, visit their website directly to check orders, confirmations and payments. Do not use links in emails even if they look as legitimate as this one.

 

Basic IT Security Awareness 2019 training course coming down – 08/30/19

 

 

It’s that time of the year again. Time for the old cybersecurity training to go down and the new one to go up. If you haven’t completed Basic IT Security Awareness 2019, you still have a couple more days to finish it up. Tomorrow evening it will be disabled and the grades will be archived. Sunday, September 1 the new course Cybersecurity Awareness Training 2020 will go live. This new course has great new videos and some updated content.

You have until June 30, 2020 to complete the new training course. At that time the course will be taken down. Please put this date into your calendar.

If you take PCI training, you do not have to complete this new course. Your PCI training contains the same cybersecurity information as this one does.

I hope you enjoy the new training course. If you have any questions, comments or concerns please contact me at bpasteris@mtroyal.ca

MRU employees receiving email requests over the phone – 08/23/19

 

 

This week several employees reported receiving calls from someone claiming to be from Adobe asking them if they wished to receive emailed documents about their products.  Those who reported the calls declined, so I can’t say if the calls were legitimate sales calls from Adobe or if they were pretexting calls.  Regardless of which they were, agreeing to be emailed documents usually doesn’t end well.

If the calls are legitimate sales calls, you could be agreeing to receive hundreds of spam emails. If they are pretexting calls, the email they send you could have malware attached to it or contain a link to a webpage spoofing a legitimate site designed to steal your login credentials. To add to the misery, they could then take any information that you have given them over the phone and use it to create additional phishing emails that are almost impossible to detect.

Unfortunately, this is the second time that we have had this type of call on campus. As pretexting is on the rise, I suspect we are going to see a lot more of them in the coming months. This is a gentle reminder to be alert if someone calls you asking you for information they should already have or asks for personal information they shouldn’t know.

If it is a sales call and you are interested in their services, hang up the phone and call the company using a phone number listed on their official website.  If it is from an organization that you know, hang up and call them directly using a phone number you know is legitimate.  Never call them back on a phone number they give you.

 

Phishing email appearing to come from Mailchimp targeting MRU – 08/14/19

 

A rather clever phishing email is showing up in inboxes around campus. Take a look.

 

 

This one is so very clever as the links on the bottom are legitimate. They take you to Mailchimp’s contact info, terms of use and privacy policy. Where things get interesting is if you click on the other links. They all take you to a Google site masquerading as a Mailchimp login page.  A lot of work went into this one.  It is so close to the real thing that only the sender’s email address and hovering over all the links gives you any clue there is something amiss.  The email itself is perfect.

This is quite admirable really, if you forget that they are trying to steal your Mailchimp credentials and your information that Mailchimp has on file. When the emails are this good, it is hard to know whether they are legitimate or not. The best way to deal with them is to visit the organization’s website using a bookmark or search result and check your account information that way.

Kudos to the employee who identified this bad boy and forwarded it to abuse@mtroyal.ca.   If you find a nasty like this sitting in your inbox, do what your colleague did and forward it to us. We will send you a super cool sticker and give you the title of cybersecurity superhero in return.

 

 

MRU targeted by phone – 08/08/19

 

 

This week a rather irritating phone campaign has hit the campus. Phone solicitors are calling employees and asking them to confirm their role. If the employee does, the caller asks if they can send them some email. This particular campaign is more annoying than malicious. However, it provides a great opportunity to review phone safety.

With people becoming more tech savvy and cybersafety aware, it is becoming harder for criminals to score with a simple phishing email. To increase the odds that their potential victims will be tricked, they are turning more and more to pretexting. The phone is fast becoming their favorite tool.

Typically a target receives a phone call with the scammer pretending to be someone who is trusted or has a right to the information they are asking for.  They will often ask questions that seem innocent enough. However they are gathering information about you and the University that they can use against you later. Armed with enough information, they can create a phishing email that is almost impossible to identify as malicious.

If you receive a phone call from someone who is asking for information they should already have or that they shouldn’t know, politely ask them for the name of their organization and then tell them you will contact them later. You can then hang up and call that organization directly using a number that you have either used before or that comes from the organization’s official website. If you cannot reach the individual through the organization’s switchboard, then you know that it is a scam.

 

 

Iranian hacker group using LinkedIn to deliver malware – 08/06/19

 

 

FireEye has identified a new phishing campaign targeting oil, gas and energy companies as well as utilities and government organizations. The rather clever criminal contacts victims through LinkedIn claiming to be a researcher at the University of Cambridge. Once contact is made, the victim is offered a job and asked to provide a resume.  As part of the application process, they are also asked to go to cam-research-ac.com to download and fill out a document. Of course once they do, malware is loaded onto their computer.

What makes this campaign so concerning is the assumed legitimacy that comes with using LinkedIn to communicate with potential victims. People tend to trust the platform and therefore trust those that use it to communicate. Unfortunately, this trust is misplaced.

When you are contacted by someone you don’t know on any social media platform, treat that communication with the same skepticism as you do with any email message. Just because they say they are from a trusted organization, does not mean they are.  Before you engage in conversation, call their organization and confirm that they are in fact employed there.  A little homework can save a lot of headache.

 

Watch out for fake Equifax settlement emails – 08/01/19

 

 

 

Cybercriminals are sending out fake Equifax settlement emails. These emails are promising free credit monitoring and/or compensation. To make matters worse, they are spoofing the real Equifax settlement page. So if you click on the link in the email, you are sent to a very convincing web page encouraging you to file a claim. Of course, if you fill in their form with all of your personal information you are just sending your data to the criminals.

If you need to file a claim, do so by visiting the FTC website. You can find information there about the data breach and the settlement as well as a legitimate link to the Equifax site.  Do not click on any links in any email that appears to come from Equifax. Visit their site directly using a browser search result or a bookmark. Everything that you need to know you should be able to find there. If not, there will be legitimate contact information you can safely use.

 

No, your password is not going to expire – 08/01/19

The latest phishing email to hit MRU inboxes is a classic. Check it out.

A big thank you to everyone who reported this phish by forwarding it to abuse@mtroyal.ca. You are all superheroes! Should this bad boy arrive in your inbox, you can delete it as we are aware of it. However, if something new shows up please do what your colleagues have done and forward it to abuse@mtroyal.ca. You too can be a superhero!