Cybersecurity Blog

Mount Royal Community Member gets fake CRA call – 03/09/18


One sure sign that spring is on its way…tax scammers pop up along with the tulips.  Although we are a ways away from enjoying the tulips, the scammers are out in full force. One Mount Royal employee came into work to find this on his voicemail.

Click the far left of the bar to listen to the voicemail message.

Pretty nasty huh? So how to do you know this is a scam?  Simple, the CRA will never phone you and threaten legal action or arrest. They will never send someone to your house to collect payment or to arrest you either.  This was a voicemail, so it was easy to calmly listen to the message and analyze it to determine if it was legitimate.

What do you do if they have you on the phone and they are threatening you? The scammers can be very insistent and believable causing considerable stress and confusion. If you experience a call like that from the CRA, tell them you will call them back and hang up. You can then contact the CRA at 1-800-959-8281.  If there are any issues with your taxes, whoever answers the phone will be able to address them.

Watch out for phishing emails from the CRA as well. As I mentioned in a post last year, the CRA will never email you unless you have given them previous permission to do so and they will never send you an email with links unless you have specifically requested a document.

For more information on how to identify CRA fraud and protect yourself, visit the CRA website.

Threatening voicemail left at Mount Royal – 11/21/17


Yesterday one of our staff members checked her voicemail and found a nasty message from an “Officer” Robert William asking her or her attorney to call him immediately before “the legal situation unfolds”.  Our quick thinking staff member Googled the number, 905-581-1528 and discovered that it was a phone scam.

Had she called them, she would have been asked her personal information including her SIN.  Armed with that info, the crooks would have applied for credit cards and loans in her name, leaving her on the hook for the payments.  Only after months of paperwork and expensive legal fees would she have been able to clear her credit record and name.

This is just a reminder to never give out information people already should have, over the phone, in an email or text.  If someone calls you and tells you they are from your bank, a vendor, the CRA, RCMP or Calgary Police Service:

  1. Ask for their name.
  2. Tell them you will call them back.
  3. Call the organization’s switchboard directly using a number that you obtain from a Google search or that you have used before.
  4. Ask for the individual by name.

If they insist that the only way to reach them is through a number that they give you, you know that it is not a legitimate call. If they tell you that they may not be available when you call back, you should be able to have your account or file reviewed by someone else in the same department.

Remember, no legitimate agency threatens legal action over the phone.

ALERT – Word macro virus circulating through Mount Royal University – 11/20/17

Last week I posted about a scary new phishing email making the rounds. This phishing email is hard to detect because if appears as a reply to a previous email and it comes from someone you know. The email reads as follows:


Please see attached and confirm.

A Word document is attached to the email.  If you open the email you get the following notification.

If you follow these instructions,  you give Word permission to run the malicious macro embedded in the document and your machine is infected with malware.  To make matters worse, it will then send out a similar email reply to select people on your contact list spreading the infection.

Several people in the Mount Royal community have already received this email and opened the attachment.  Their machines were infected and are being re-imaged. We are unable to determine who will receive this phishing email next and it is too new for our anti-virus software to detect.

This is only one example of a whole family of malware that uses Word macros to infect your computer.  The good news is, if you have macros disabled by default and you do not Enable Editing or Enable Content as instructed, you cannot be infected.

Some other examples of fake notifications to look out for are:

In each one of these instances, following the instructions will infect your machine with malware that could spread to friends, family and colleagues.

How to protect yourself from infection:

  • Make sure Word Macros are disabled by default:
    1. Select File>options>Trust Center.
    2. Click the Trust Center Settings button.
    3. Select Macro Settings from the left menu.
    4. Select Disable all macros with notification.
    5. Click the OK button to exit the Trust Center Settings.
    6. Click the OK button to exit the Trust Center.

    Note: Disabling macros in Word does not disable them in Excel and vice versa. You must change the settings in each application.

  • Verify with the sender before opening any attachments.
  • If you are prompted to Enable Editing or Enable Content, ignore the request.  You do not need to Enable Editing or Content to view a document.

If you are unsure about the safety of an attachment, please contact the IT Service Desk. If you think you have received a phishing email, please forward the entire email to


ALERT – Bad Rabbit ransomware attack – 10/25/17


The US Department of Homeland  Security has issued an alert for the Bad Rabbit ransomware strain. It has crippled organizations in Russia and the Ukraine and has been found in the US. It is only a matter of time before it begins appearing here.

What does it do?
  • It encrypts your files and extracts the login credentials for your computer.
How do I know I have been victimized?
  • Your computer will start to run slowly.
  • You are directed to a webpage that gives you 41 hours to pay the ransom to get access to your files or the ransom will go up.
How do you get infected?
  • When visiting a legitimate website, a pop up appears asking you to install Adobe or the Adobe Flash Player.
  • Downloading and installing either of these programs installs the ransomware.
What is IT Services doing to fight this attack?
  • Our anti-virus is up to date.
  • We are actively monitoring systems to detect any abnormal activity on the network.
What can I do to fight this attack?
  • If you are prompted to download Adobe Flash Player or Adobe:
  1. Close the browser tab that contains the prompt.
  2. Open a new browser tab and visit
  3. Search the Adobe website for the application and download it from there.
  • If you are a victim, disconnect from the network immediately (pull the network cable or disconnect from WiFi) and contact the IT Service Desk at 403-440-6000.

If you have any questions or concerns, please contact the IT Service Desk.

Latest Windows update patches 62 vulnerabilities – 10/11/17


In past posts I have talked about the importance of keeping your computer up to date by shutting it down each night. This week that is more important than ever. On Tuesday MIcrosoft released its latest updates for Windows, Office and other software which includes patches for 62 different vulnerabilities.

What is so important about patching these vulnerabilities? Hackers have known about some of these for a while and have already created malware that takes advantage of them. Keep your machine secure, shut down your machines this afternoon and get your updates.

ALERT – Phone scam targeting Mount Royal University – 10/11/17


Residence Services is reporting voice mail messages are being left on their phones threatening legal action if the call is not returned. The callers are requesting banking information and are calling from a 705 area code.

If you ever receive a threatening phone call requesting banking or personal information over the phone:

  1. Politely inform the caller you will call the organization or institution directly.
  2. Hang up.
  3. Call the organization or institution directly using a phone number that you know is legitimate. Do not use a phone number given to you by the caller.

Remember, if the call is legitimate you will be able to contact the caller through their organization/institution general contact number. If you cannot, you know the call is a scam and can ignore it.  For more information on phone scams, check out the Crime Stoppers Telephone Scams page.


Alert – Mount Royal Target of Spear Phishing – 05/05/17

Mount Royal employees are being targeted in a new high impact email phishing campaign. What makes it so alarming?

  • The email sender is David Docherty and it appears to be coming from his Mount Royal email address.
  • It disguises its malicious intent by using a friendly tone and it doesn’t contain a link or attachment that usually accompanies a phishing email.

However, it should raise a red flag because normal payments are not requested this way. Take a look:


The personal information is blocked out to protect the user’s privacy.


How do you protect yourself against this type of attack?

  • Always pay attention when processing your emails.  Do not multitask.
  • Be familiar with your department’s procedures and processes. Anytime you receive an email that goes against those procedures or processes, you should contact the sender directly to confirm it’s legitimacy.

Remember, just because an email looks like it comes from someone you know, doesn’t mean it is. Just because an email doesn’t contain links or attachments, doesn’t mean it isn’t malicious.

Huge kudos to our people in Finance who identified this. You are our superheros!!

Alert – Fake Invitations to View a Google Doc – 05/03/17


There are two new phishing emails that are making the rounds with fake invitations to view  Google Docs.  They are both very clever and they are both sent from someone that is in your contact list. The first one is a bit easier to spot as it looks something like this:

The personal information has been blocked out to protect the user’s privacy.


For those of you who have received an Invitation to View a Google Doc before, it is easy to pick up what is amiss with this email.  However for those of you who haven’t, this is what a legitimate Invitation to View a Google Doc looks like.  When you click the Open in Docs button, the document is opened for you.


The second phishing email is more sophisticated in that it looks a lot like a legitimate Invitation to View a Google Doc.  The only thing missing  from the email is the name of the document. However if you click on the Open in Docs button instead of viewing the document, a dialog box appears asking you for permission to access your email. This is the tip off that something is awry. Google Docs does not need access to your email to function.

If you see a dialog box instead of a document when you click the Open in Docs button, DO NOT CLICK on anything. Disconnect your computer from the Internet and call the IT Service Desk.  If you want to learn more about this phishing campaign, check out the CBC article.

As these latest phishing campaigns show, criminals are getting more and more sophisticated in the development of their phishing emails.  It is getting harder and harder to determine what is a legitimate email and what is a scam. To avoid becoming a victim of cyber crime, verify the legitimacy of all unexpected emails containing links or attachments regardless of who they come from.

McAfee Logo Has Changed – 05/02/17

McAfee's New Logo
McAfee’s New Logo


Just a heads up for staff and faculty.  If you take a look at your task bar in Windows and see a new icon, don’t worry it’s just McAfee’s updated logo. McAfee is the antivirus software that is loaded onto all Mount Royal workstations. Don’t have the new logo yet? Don’t worry the logo is updated in stages, it will eventually be your turn. If you have any questions or concerns, contact the ITS Service Desk.

New phishing email targeting the Mount Royal community – 04/07/2017

A new phishing email is making the rounds at Mount Royal. The cyber criminals use an official sounding name and reference a fund transfer to entice people to open a password protected Word document.

As a password protected document adds a sense of legitimacy to a phishing email, ITS has decided to block all incoming emails that have password protected Office documents as attachments. If you have a legitimate need to receive a password protected Office document, please contact the ITS Service Desk.