Cybersecurity Blog

Don’t enable Excel or Word Macros without reading this – 04/24/17

 

In Microsoft Office’s attempt to make life easier and our work more efficient, they have a handy little tool call a macro.  In its simplest form, a macro allows you to record a series of routine tasks so they can be replicated in an instant using a short cut key. However macros can also be very complicated programs interacting with other applications, making them ideal malware delivery tools for cyber criminals.

For that reason, it has long been a recommendation that macros be turned off or disabled in both Word and Excel. This prevents them from running automatically when a Word or Excel document is opened. As a result, a nasty virus cannot be uploaded onto your machine.

How do you disable macros? In both Word and Excel:

  1. Select File>options>Trust Center.
  2. Click the Trust Center Settings button.
  3. Select Macro Settings from the left menu.
  4. Select Disable all macros with notification.
  5. Click the OK button to exit the Trust Center Settings.
  6. Click the OK button to exit the Trust Center.

Note: Disabling macros in Word does not disable them in Excel and vice versa. You must change the settings in each application.

Once macros have been disabled, whenever you open a document that contains a macro you will be notified and asked if you wish to enable it. Some nice hackers even include detailed instructions on how to do that on the document itself.

DO NOT enable macros unless you know the email sender and have directly confirmed with them that the macros are essential to the functionality of the document. Of course if you have documents that you currently use that contain macros, you can enable them in order to use the documents. Just be aware that with macros enabled, you will not know if a Word or Excel attachment contains a malicious macro until it is too late and your machine is infected.  To prevent unintentional downloading  of malware, it is recommended you call the email sender to verify an attached Word or Excel document is legitimate before you open it.

Note:  This article applies to macros in Word and Excel. If your department uses Access databases that contain macros, they may not function if the macros are disabled. Please talk to your supervisor before you disable macros in Access.

Latest scam: The fake Whatsapp voicemessage – 04/18/17

 

Coming soon to an inbox near you, an email from Whatsapp notifying  you that a voice message is awaiting your response. The email includes a handy Play button so you can listen to the message without having to open Whatsapp.  So thoughtful of them. Of course clicking the Play button loads your computer with malware allowing the criminals to steal your identify or encrypt your files and hold them for ransom.

This is yet another reminder not to click on links/ buttons/ attachments/photos in unexpected emails.  Criminals are getting more and more creative and sophisticated, crafting emails that are getting harder and harder to detect as fake. However, you can avoid becoming a cyber crime victim by simply adopting the practices of:

  • Being fully present when reading your emails.

Criminals count on you being distracted when you read your email. The majority of attacks occur on the day before a long weekend when users are not paying attention to what is in their inbox. They click not because they don’t know better, but because they aren’t paying attention.

  • Visiting known sites or apps directly.

If you receive any kind of notification from any organization or application, visit the site or open  the application directly. If it is legitimate the same information that is in the email will be found on the website or in the application.  Do not trust the email.

  • Calling  people from your contact list to confirm that they sent an email.

If you recognize the sender, do not assume the email came from them. Cyber criminals can hack your contact list and make it look like a trusted friend sent you a nice cat video. Call the sender directly and confirm that they sent the email.

 

 

Android banking malware targets hundreds of apps on Google Play – 04/18/17

 

It has happened again.  Funny Videos 2017 is just one of hundreds of legitimate apps on Google play have been infected with malware. This latest version of malware interacts with the user’s bank and credit card apps, placing a fake login page over the official one.  The fake login page collects the user’s login credentials and gives the cyber criminals full access to the user’s bank account or credit card.

Google has removed the infected apps from Google Play. Unfortunately that doesn’t help the users who fell victim. How do you reduce the possibility of being a victim of an infected app?  Before you download an app:

  • Read user reviews
  • Install anti-virus software on your phone

In addition, don’t download apps that ask for unusual permissions (ie. asking for the ability to change settings). Once an app is downloaded, if your phone start behaving unexpectedly uninstall it immediately. If the behavior continues, perform a factory reset on your phone.

Cyber safety information to share with your family – 04/12/17

Attendees to my Protecting yourself Against Cyber Crime workshop have been asking for the slide deck to share with family and friends. The presentation covers just the basics and includes several slides that allow you to test your ability to spot a phishing email.  Haven’t taken the workshop yet?  Join us on April 18th, registration is through the Employee Training page on MyMRU. Don’t have time for a workshop, complete the online training in Blackboard.

New phishing email targeting the Mount Royal community – 04/07/2017

A new phishing email is making the rounds at Mount Royal. The cyber criminals use an official sounding name and reference a fund transfer to entice people to open a password protected Word document.

As a password protected document adds a sense of legitimacy to a phishing email, ITS has decided to block all incoming emails that have password protected Office documents as attachments. If you have a legitimate need to receive a password protected Office document, please contact the ITS Service Desk.

New login screen for Google a privacy concern – 04/07/2017

 

On April 10, 2017 Google will start rolling out a new login screen. It will begin with limited release and then widen until all users are converted over. The new screen will no longer give you the option to Stay signed in. Instead all users will automatically be connected to Google/Gmail/Google Drive with this feature enabled.

Why is this a concern? Well, if you are using a public workstation in the library, a classroom or meeting room and you log out of the workstation you will not be logged out of Google/Gmail/Google Drive. The next user who starts up that workstation and opens Google Chrome will see all of your emails and files on display.

Starting today, we are asking that all faculty, staff and students logout of Google/Gmail/Google Drive before they logout of any computer or device that is not their own.

If you have any questions or concerns, please contact the ITS Service Desk.

Airline email scam catching 90% of users – 04/07/2017

 

A group of cyber criminals are having a lot of success with the latest spear phishing campaign. They are mining social media  for information on where and when you may be traveling. Using this information they send out fake airline reservation confirmations or receipts that look just like the real thing using an email address that looks legit.

Many of these emails contain links to sites that look like the real thing, asking you to enter your username and password and encouraging you to open an attachment or click on a link that loads malware. The loaded malware allows the criminals to hack into the network.

These criminals are clever enough to vary the format of the email and the delivery method for the malware, making it more difficult to detect.

If you receive a confirmation for a flight or a receipt, do not click on any links or open any attachments.  Instead, go to the website of the airline directly using a URL that you know is legit and check your account or reservation on the site itself.

If you do click on one of these links or open one of these attachments, please disconnect from the network and call the Service Desk at 403-440-6000 immediately.