Cybersecurity Blog

Using Public WiFi Safely – 08/29/16

Public WiFi is a lifesaver for your data package.  However, it is a favorite place for cyber criminals to hang out and take advantage of unaware users. Watch the video to find out what you can do to keep your data safe when using public WiFi.

Keeping your Mobile Device Secure – 08/29/16

Our mobile devices have made our lives easier and more fun. However, because they are mobile it is easy to loose them or for someone to steal them.  Also, because they are essentially mini computers, they are also susceptible to malware. Watch the video for some great tips on keeping your mobile device safe.

 

Using Social Media Safely – 08/29/16

Social media is a great way to stay in touch with family and friends. It is also a favorite picking ground for cyber criminals. Watch the video to find out how you can protect yourself and others.

How to spot a suspicious email.

Currently Mount Royal University is being targeted with phishing emails from compromised @mtroyal.ca accounts.  I know what you are thinking…how stupid can you be to fall for a phishing email? Well…here is an example of how sophisticated a phishing email can be. The following showed up in my inbox, twice…from two different senders. How did I know it was suspicious?

internal phishing email with captions

Notice what is missing from your standard phishing email? There is no sense of urgency. You know the sender. The grammar and spelling are correct. It even has a plausible topic and the new Gmail security features didn’t flag the email. This could be a legitimate email. How do you know for sure?

The answer is, you don’t.  The only way to know if this is a legitimate email is to call the sender and ask them if they sent the email.

Before you click, Stop & Think!

Remember, we are only human. With the increasingly sophisticated techniques being used by cyber criminals you may end up clicking on something you shouldn’t.  If that happens, don’t panic.  Be a superhero and stop the cyber criminals in their tracks!! Disconnect your computer from the network and call the ITS Service Desk at 403-440-6000!

ALERT – Increased number of emails with malicious links

University email addresses are receiving an increased number of malicious emails today due to several compromised @mtroyal.ca accounts.

Here is what you need to know:
1. Please be extra vigilant about opening links and documents that you did not expect, even if you know the sender.
2. As a temporary measure to address this issue, internal mail is being checked by Google’s spam filters. Usually, internal messages bypass spam checking, so please check your spam folder if you think that a legitimate email may have been flagged as spam by accident.
3. If you have already clicked on a suspicious link today, please change your password and contact ITS as soon as possible.
If you need assistance or have other questions, contact the IT Service Desk.

Gmail’s New Security Features

In an effort to battle email links that take users to malicious websites and spoofing (cyber criminals sending emails that appear to come from someone you trust),  Google has released two new features for Gmail.
1. A question mark means Google doesn’t trust the sender
Gmail now replaces the sender’s profile photo, corporate logo or avatar with a question mark if the source of the email cannot be authenticated by Google:
When a question mark appears next to the sender’s name:
  • If you recognize the sender, phone them using a number you know is legitimate to verify that they sent the email.
  • If you do not recognize the sender, delete the email.
  • If you need further assistance, contact the IT Service Desk at 403-440-6000.

While this feature is helpful, it will not detect all cases of spoofing. If you receive an unexpected email, contact the sender to verify that it the email is legitimate before you open an attachment or click on a link.

2. A warning appears if a link takes you to a malicious website known to Google
Putting a web link in an email is a common trick used by cyber criminals to make you visit their website so they can infect your computer or collect your personal information. When you click on a link in Gmail, the following warning announcement now appears if it knows the website is malicious:
 
gmail_link_warning
While this is a helpful feature, it will not detect all malicious websites. You still need to be vigilant and avoid clicking on any links that seem suspicious.

Combating Vishing

Vishing, or phishing over the phone is often used by scammers to perform fraud or obtain information that they can use for a cyber attack at a later date. To protect yourself, when a stranger calls follow these rules:
  1. Expect no delay. If you answer the phone and someone doesn’t begin talking immediately, you are being connected to the next available telemarketer or scammer.  Hang up.
  2. Identify who is calling. As soon as you answer the phone, ask who is calling and who they work for. If they refuse to identify themselves or their company, hang up.
  3. Trust but verify. Ask the caller for their phone number and street address, then cheerly tell them you will call them back. Hangup and google the address and the phone number to see if they match the name of the company. Do not use the number that they gave you to call them back. Look up the company website and use the contact number listed there. Legitimate companies want you to call them back and have no issues giving you contact information.
  4. Determine what they want and ask them for details that they should have if they are legitimate. For example, if they are calling about a credit card, ask them which one. They should be able to give you the last few digits on the card or account. If they can’t give you specifics, hang up.
  5. Never respond to inquiries using yes, yup or uh huh. These confirmations can be misused to sign you up for services that you have no interest in. Instead use,  “That is correct” or another type of confirmation. For example, if they ask “Am I speaking to the owner of the house”, respond with “The owner of the house is speaking”.