Cybersecurity Blog

Scammers targeting MRU are getting very creative – 07/17/19

In September last year, the first of several targeted email scams arrived in Mount Royal inboxes. Since that time we have see a plethora of these scams spread across campus.  Up to now that have all  been emails from a supervisor asking a report to do a favor for them.

However, we must have ended up on some “the Best People to Scam” list as this week the scams have gotten very creative. First up is a dude in Indonesia contacting Wellness Services to help him sell a helicopter (I actually think this might be legit).  Second up is  an email to the MRFA insisting a charge from their store has appeared on a bank statement (definitely not legit).  Check out the pics!!

 

As entertaining as these emails are, that is not the reason why I am sharing them with you (well maybe a little bit). I am sharing them to give you a heads ups that MRU is being actively targeted and we all need to be on our toes. If you receive any email that is out of the ordinary, please take a closer look at it. If you aren’t sure if it is malicious, forward it to abuse@mtroyal.ca like your colleagues did and we can take a look. Everyone who reports an email gets a cool sticker. Be a superhero and report those malicious emails!

 

Just for fun, try out The Passive Aggressive Password Machine – 07/04/19

 

 

Two enterprising and fun loving fellas, Tim Holman and Tobias van Schneider have obviously lost their patience when it comes to crappy passwords. They have created The Passive Aggressive Password Machine , a website that tells you how secure your password is. However instead of rating the password on a scale, like other websites, it pretends to be your in-laws and gives some very unkind but entertaining feedback.

If you want a good chuckle, check it out. Just remember not to enter your actual password. If you do, make sure you change it afterwards.

 

Must Read – MRU impersonators are spoofing real email addresses 07/03/19

The newest round of MRU impersonators are upping their game. The are now  spoofing legitimate email addresses. To do this, they accessed the source code of the email and changed its header information.  As a result, the displayed sender email address and sender’s name match and are correct. However, any replies to the email are sent to a different email address all together. Take a look.

 

 

Not only did they spoof the email address, but they also included the employees’ email signature. This makes it very hard to determine if the email is legitimate or not.

How do you protect yourself against this type of cyberattack? Easy,  do what your colleagues  did. Call the person who sent the unexpected email to verify that they actually sent it. By making that call, you not only protect yourself but also the person being impersonated.  Without it they have no way of knowing their email account may have been compromised.

To all of you who forwarded the email to abuse@mtroyal.ca, thank you!!  You are superheros! Don’t miss your chance to be a superhero, forward malicious emails to abuse@mtroyal.ca.

 

Fake benefits enrollment email arriving in MRU inboxes – 06/28/19

 

 

The following email is showing up in inboxes around campus.

 

 

This fake email is not from the IT Service Desk.  Normally I would go through and show you all the things that are wrong with this email. However, as many of you have been readers for a while, I thought it would be nice to have some fun with this one.

Take a look at the email and then comment below on what you think flags this email as phishing.  Next Thursday, I will go through the comments and add any that were missed. Let the commenting begin!

 

Another Canadian university targeted by MacEwan-like scam – 06/26/19

 

 

Last week was a rather exciting week for a Canadian university as a scammer tried to convince the university’s finance department  to deposit money into their account. The scammers were thwarted by a Finance clerk who followed procedure.  Yes, the superhero in this story is boring, annoying old procedure. Here is how it went down.

The university was building a new student centre.  So when a Finance clerk received a request for a direct deposit form that looked like it came from the construction company working on the project, they thought nothing of it. They replied to the email request with the form and instructed the company to complete it and forward it to the Finance VP’s admin assistant, as per procedure.

When the admin reviewed the form, everything looked fine at first glance. However when she called the construction company to confirm that they had sent the request, as per procedure, they learned that they had not.

Realizing that they were being targeted by a scammer. The University staff looked closer at both the emails and the completed form. They discovered two things. First the beginning of the email address was  correct, but the word “group” had been added to the end of it.  Second the name of the site manager on the form was correct but the signature on the form was clearly forged. Both of these red flags had been missed. However, because both the admin and the clerk had followed procedure, disaster was adverted.

Unfortunately the City of Burlington in Ontario wasn’t so lucky.  It isn’t know if procedures weren’t followed or if they weren’t in place. However, when they were targeted with a similar change-to-payment scam,  they lost $503, 000 to the scammers.

This is a reminder that procedures are in  place to help, not hinder. We are all human. We make mistakes. However, following procedure  helps us do our jobs successfully and keeps us out of trouble.  Regardless of which department you are in, follow your teams procedures. They are there to help.

 

New email scam impersonates MRFA president – 06/26/19

The following email showed up in MRU inboxes this week.

There are two things that make this email so convincing. First Melanie’s email address is, in fact, correct.  No, her email wasn’t compromised. It was spoofed.   Second, they name a colleague as the person who will reimburse you. A nice touch actually.  With such a convincing email, how the heck are you supposed to know this is a scam? Well, there are a few tells.

First off, the grammar is rather crappy. Not what you would expect from the president of the MRFA. Second, if you try calling Melanie to confirm she sent the email, you get a phone message saying the MRFA office is closed and she isn’t returning messages.  If the office is closed, why would she be sending money to vendors? Third there is a sense of urgency. The email says the money needs to be transferred today. Lastly, she is asking you to take money from your personal account. That is a HUGE red flag. Why on earth would she ask you to take money from your personal account to pay a vendor? Nothing makes sense in this email except the email address and name dropping.

The best way to protect yourself from this type of a scam, is to go slow and question everything. If something doesn’t add up, call the email sender to confirm that they sent the message. If you aren’t sure you can forward the message to abuse@mtroyal.ca and we will take a look at it for you.

That is just what Megan did. Thanks to her quick actions, we were able to track down those who received this message, notify them it was a scam and stop the attack in its tracks. Way to go Megan, you are a superhero!! Be a superhero like Megan, report malicious emails to abuse@mtroyal.ca and help protect your colleagues from scammers and hackers.

For Megans efforts, she will be receiving  a commitment sticker. Want your own sticker? Report an malicious email to abuse@mtroyal.ca or come down to see me on Main Street on August 20th from 10:00 am to 2:00 pm.  Pick up your sticker and spin the prize wheel to win cool swag.

 

 

 

May 31, the last newsletter until June 28 – 05/28/19

 

 

Lucky me is going on vacation for a few weeks. While I am away, the newsletter will take a pause.  I look forward to coming back fully rested and full of inspiration. Watch for new articles focused on busting cybersecurity myths when I return.  Until then, stay safe out there.

 

Reply to emails cautiously – 05/22/19

 

 

Since September, the Mount Royal community has been targeted by a gift card scam.  With this scam, criminals send you an email that looks like it comes from your supervisor asking you if you are available. If you respond, they ask you to purchase gift cards and send them photos of the redemption codes. This past weekend another 300 or so Mount Royal inboxes received one of these scam emails.

Fortunately, we had more people reporting them than we had people responding to them. Some of those that did respond sent out personal information such as where they were located, photos and their plans for the weekend. To our knowledge, no one went as far as purchasing gift cards. We are thankful for that.

Realizing that you gave scammers personal information about yourself just feels creepy. It is also dangerous.  The criminals can then take that information and use it as content in malicious emails that are sent to yourself or others. This makes the emails seem legitimate  increasing the likely hood that someone will be tricked.

In addition to being dangerous, conversing with the scammers encourages them to continue targeting Mount Royal. If they get a response to an email, they know it is only a matter of time before they convince someone to follow through and purchase those gift cards. Ignoring their inquiries will not stop the attempts, but it will reduce their frequency.

The best way to defend yourself from giving out personal information to criminals is to check the sender’s email address before you read the body of the email.  That way you have a better idea of who you are talking to before you respond. They may still be a hacker, but the odds are much smaller. Just by taking this small simple step you greatly reduce your chances of sharing information that you wish you hadn’t.

 

 

Is it spam or is it phishing? 05/23/19

 

 

I am truly delighted with the number of malicious emails that are being forwarded to abuse@mtroyal.ca.  The Mount Royal community is doing a great job of letting us know what to look for and helping us defend their data. There is one question that people keep asking though, what is the difference between Spam and a phishing email? I thought I would take a moment to clarify.

Spam email
  • Goal is to sell you something.
  • It is sent to hundreds or thousands of people at a time.
  • Reading the email does not generate an emotional response.
  • It may or may not contain links
  • Clicking on the links will take you to the organizations website.
Phishing email
  • Goal is to steal your data or use your workstation as a tool to access data on other people’s devices.
  • It can be sent to thousands of people or just one or two.
  • Reading the email generates an emotional response.
  • It may or may not contain links and or attachments.
  • Clicking on the link or opening an attachment takes you to a fake web page and/or loads malware onto your device.

The easiest way to determine if what you are dealing with is spam or phishing is by examining the purpose of the email. If it looks like they are trying to sell you something, then it is probably spam. If it looks like they are trying to confuse or trick you, then it is likely phishing.

Spam emails should be marked as spam by clicking the stop sign icon in the Gmail menu bar. Phishing emails should be forwarded to abuse@mtroyal.ca. If you aren’t sure which one it is, forward it to abuse@mtroyal.ca and we can let you know.

 

Fake package tracking email found in MRU inbox – 05/14/19

The latest phishing attempt is quite lovely.  The criminals have made it purposely vague with the hope that it will peak your curiosity. Here is what is looks like.

 

If  you have recently ordered something online. curiosity could get the better of you. If you click the link, this is what you find.

 

 

You were promised a PDF, which is usually but not always safe to open. However, you are given a Word document instead. It’s the old bait and switch. Having navigated to this point safely, you are more likely download the document. Of course if you do, malware is downloaded with it.

Remember troops, stop and think before you click. Stay safe out there.