Cybersecurity Blog

The PhishAlarm button, the best way to report suspicious emails – 09/23/2022

Updated from 05/26/2022

The PhishAlarm button is the quickest and easiest way to report suspicious emails you find in your Mount Royal inbox.  However, you have to be using Gmail as your email client to have access to it. In addition, if you aren’t an employee you will see the button but will get an error message if you try to use it.

If you are using Outlook or some other application to view your emails or you aren’t an employee,  forward suspicious emails to cybersecurity@mtroyal.ca.

Please don’t forward phishing emails to abuse@mtroyal.ca We can receive 114 phishing reports in a single day and it takes time to filter through them. While we won’t be ignoring emails sent to abuse@mtroyal.ca, forwarding them to cybersecurity@mtroyal.ca will ensure they are identified and responded to in a more timely manner.

To report a malicious email using the PhishAlarm button

  1. Open the email
  2. Click the PhishAlarm button in the side panel. If you don’t see your side panel, click the arrow in the bottom right hand of your screen.
  3. Click Report Phish. A confirmation pane appears.
  4. Click the X to close the confirmation pane.

Not only is the PhishAlarm button super easy to use, it sends the cybersecurity team more information about the email making it easier to investigate. It’s a win for everyone!

On a final note, the PhishAlarm button is designed to notify us of unknown malicious emails. As a result,  you are unable to report emails that are in your spam folder or those that have already been marked by Google as suspicious. This saves the security team time as Google has already taken measures to ensure everyone is aware the emails are malicious so we don’t have to waste resources investigating them. Those messages don’t need to be reported and can simply be deleted.

 

Show off your cybersecurity prowess with digital stickers – 05/26/20

 

 

With everyone working from home, our popular sticker program no longer worked. However, we have come up with a terrific replacement…digital stickers!

Just like before you can earn the stickers by reporting phishing emails. However you can also download them from the MRU Cybersecurity Hub. Instead of putting them on your electronic devices, we are asking people to add them to the end of their email signatures.  Everytime you send out an email, the recipient will get a nice reminder of how to stay cybersafe.

As before, you can still earn contest entry codes for the Cybersecurity Challenge. However instead of sending me a picture of your sticker, just send me an email requesting a code with the sticker in the signature.

Every quarter there will be a new sticker and a new code! Happy collecting!!

 

The online training is changing – 04/24/20

 

If you haven’t completed your cybersecurity or PCI awareness training for 2020 yet, you might want to do that before the end of the month. We have a new training tool that we will be introducing July 1.  As a result we will be losing access to our current training videos and interactive pre-tests on April 30.

To tide us over until the new tool is rolled out, on April 29 I will be uploading new videos with quizzes. However, you will not have the ability to test out of the video and it will take longer to complete the training.  I apologize for the inconvenience, however you can look forward to more targeted training once the new tool is rolled out.

The good news is, you still have a few days to complete the current version of the training.  If you have any questions , please feel free to contact me at bpasteris@mtroyal.ca.

04/27/20  update: There has been some confusion around the security awareness training completion date. The deadline has not changed, you still have until June 30 to complete your mandatory training. The only difference is if you complete it before April 30, it will be easier.

Credit Registration stops a cybercriminal – 04/15/20

Every once in a while I get affirmation that all that I do to try and keep all of you safe is working. This was one of those weeks. I would like to take a moment to toot the horn of Credit Registration.

They receive hundreds of emails from students and prospective students every week. The majority of the time they have no idea who they are talking to.  To reduce the chances they will be cyberattack victims, they have put procedures into place that somewhat verify the sender’s identity. It isn’t fool proof, but it is a good balance between practicality and security. What is truly wonderful is their staff follow their procedures.

This week those procedures were tested and they passed.  Congratulations Credit Registration!

What is a phish bowl and why you should care – 02/27/20

 

The MRU community is made up of a diverse group of people. Some of you just like to forward suspicious emails to abuse@mtroyal.ca without really doing much investigation on your own. Others like to make a game out of looking for phishing red flags.  While still others follow email processing guidelines, just like I have asked.  Thanks to all of you, my job is never dull.

That said, we thought it would be a good idea to give all of you one more tool to help with the challenging job of identifying phishing emails.  IT Services is proud to announce the launch of the MRU Phish Bowl. The Phish Bowl contains a collection of  all the phishing emails that we have received over the past few years.  When you receive an email in your inbox and you aren’t quite sure if it is malicious, you can now search the Phish Bowl for it. If the exact email or a very similar one is posted then you know it is malicious and you can simply delete it.

Each post in the Phish Bowl shows you what the email looks like, points out the red flags and lets you know how to deal with similar emails in the future. Not only is it informative but it is also educational.

If an email doesn’t appear in the Phish Bowl, it doesn’t mean that the email is legitimate. You will still have to use the other strategies that you have been implementing to determine if it is malicious. The Phish Bowl is only an additional tool, not a replacement for your current vigilance.

The Phish Bowl is also helpful for those of you who are not sure if they should forward an email to abuse@mtroyal.ca or not.  If you do a search and find the email already listed, you know there is no need to report it. If it isn’t, then you know you may have a new nasty that needs to be reported.

We will be updating the Phish Bowl as new reports come in.  You can access it here, or from the MRU Cybersecurity Hub at mru.ca/cybersecurity. Look for the Phish Bowl link in the section titled Stay Informed.

 

Students can now take the survey – 11/14/19

 

Last week we launched the Cybersecurity Survey. Unfortunately the survey contained an error that kept students from completing it. The survey is now fixed.

If you had tried to complete the survey but were unable to, please give it another try. Your entry into the $50 gift certificate to the Table is waiting.

Thank you for your patience. We apologize for the inconvenience.

Take the Cybersecurity Survey and win a $50 gift certificate to the Table – 11/06/19

 

It’s that time of year again when we look back at how we have done for the last 12 months and determine how we can improve. It is cybersecurity survey time!!! Yes, you  read correctly the Cybersecurity Survey is ready for your input.  Whoo hoo, I can just feel your excitement!

The good news is for completing the survey, you earn a contest entry code for the Cybersecurity Challenge. The better news is we have a sponsor for this year’s survey. I know there will be those of you who were looking forward to winning a grab bag of swag. However you sick folks are going to have to settle for a gift certificate from the Table.  That’s right, the terrific folks at NetApp are donating a $50.00 gift certificate. !

To get your free food, you only need to take 5 to 10 min to complete the survey. Your feedback helps shape the cybersecurity awareness program for the next year.  Remember we want to know what you ARE doing not what you should be doing. The survey is completely anonymous, so you are free to be 100% honest. The contest draw is independent of the survey so you can give us your anonymous feedback and still enter. You have until November 30, 2019 to complete the survey, we will do the draw that day. We look forward to hearing from you!

Complete the survey

Sponsored by

The Cybersecurity Challenge begins October 1, 2019 – 09/26/19

 

 

Cybersecurity Awareness Month begins October 1 and with it the Cybersecurity Challenge. There are a variety of activities planned for the month that staff, students and faculty can participate in.  Each time a staff or faculty member participates in one, they earn a contest entry code. Each code earns them one chance to win a $250.00 gift certificate from Best Buy.  Their entry also counts as one point for their team. The team with the most points wins the Golden Superhero Award!

 

The Golden Superhero Award!!

 

Although students are welcome and encouraged to participate in cybersecurity activities, they cannot enter the draw. This year the challenge runs from October 1, 2019 to October 1, 2020. So you have a whole year to participate in activities and earn contest entry codes.  Earn codes by:

  • Reading the Cybersecurity Newsletter
    • Random newsletters will contain codes throughout the year. Read the newsletter weekly to find the codes.
  • Participating in a Main Street event
    • Come down to Main Street and participate in that month’s activities. Everyone who participates gets a code and a spin of the prize wheel.
  • Attending Lunch n Learns
    • Come see speakers present cybersecurity topics. Codes will be given at the end of each talk.
  • Attending a movie screening
    • Come down to the Ideas Lounge in the Library and watch fascinating documentaries on cybersecurity. Codes will be given at the end of the film.
  • Participating in Hack the Box
    • Put together a team or participate on your own. Your code is locked inside the box. Can you solve the puzzles and hack your way in?
  • Completing online Security Awareness Training or a Security Awareness Workshop
    • You get the same code whether you attend a workshop or take the online training.
  • Displaying a cybersecurity awareness sticker
    • Send me a photo of where you have put your cybersecurity sticker. Your photo will be put on the CSAM website and you will receive a code in return.
  • Reading the cybersecurity posters and slides
    • Scan the posters and TV screens across campus to see if you can find the codes. There is a new one every quarter.

On Tuesday, October 1,  grab your colleagues, fire up your team and start collecting codes! Then Every Monday, check the Leaderboard and find out who is the team to beat. For more details on the Challenge, visit Cybersecurity Hub.

 

Basic IT Security Awareness 2019 training course coming down – 08/30/19

 

It’s that time of the year again. Time for the old cybersecurity training to go down and the new one to go up. If you haven’t completed Basic IT Security Awareness 2019, you still have a couple more days to finish it up. Tomorrow evening it will be disabled and the grades will be archived. Sunday, September 1 the new course Cybersecurity Awareness Training 2020 will go live. This new course has great new videos and some updated content.

You have until June 30, 2020 to complete the new training course. At that time the course will be taken down. Please put this date into your calendar.

If you take PCI training, you do not have to complete this new course. Your PCI training contains the same cybersecurity information as this one does.

I hope you enjoy the new training course. If you have any questions, comments or concerns please contact me at bpasteris@mtroyal.ca

May 31, the last newsletter until June 28 – 05/28/19

 

Lucky me is going on vacation for a few weeks. While I am away, the newsletter will take a pause.  I look forward to coming back fully rested and full of inspiration. Watch for new articles focused on busting cybersecurity myths when I return.  Until then, stay safe out there.