Cybersecurity Blog

Scammers targeting MRU are getting very creative – 07/17/19

In September last year, the first of several targeted email scams arrived in Mount Royal inboxes. Since that time we have see a plethora of these scams spread across campus.  Up to now that have all  been emails from a supervisor asking a report to do a favor for them.

However, we must have ended up on some “the Best People to Scam” list as this week the scams have gotten very creative. First up is a dude in Indonesia contacting Wellness Services to help him sell a helicopter (I actually think this might be legit).  Second up is  an email to the MRFA insisting a charge from their store has appeared on a bank statement (definitely not legit).  Check out the pics!!

 

As entertaining as these emails are, that is not the reason why I am sharing them with you (well maybe a little bit). I am sharing them to give you a heads ups that MRU is being actively targeted and we all need to be on our toes. If you receive any email that is out of the ordinary, please take a closer look at it. If you aren’t sure if it is malicious, forward it to abuse@mtroyal.ca like your colleagues did and we can take a look. Everyone who reports an email gets a cool sticker. Be a superhero and report those malicious emails!

 

Must Read – MRU impersonators are spoofing real email addresses 07/03/19

The newest round of MRU impersonators are upping their game. The are now  spoofing legitimate email addresses. To do this, they accessed the source code of the email and changed its header information.  As a result, the displayed sender email address and sender’s name match and are correct. However, any replies to the email are sent to a different email address all together. Take a look.

 

 

Not only did they spoof the email address, but they also included the employees’ email signature. This makes it very hard to determine if the email is legitimate or not.

How do you protect yourself against this type of cyberattack? Easy,  do what your colleagues  did. Call the person who sent the unexpected email to verify that they actually sent it. By making that call, you not only protect yourself but also the person being impersonated.  Without it they have no way of knowing their email account may have been compromised.

To all of you who forwarded the email to abuse@mtroyal.ca, thank you!!  You are superheros! Don’t miss your chance to be a superhero, forward malicious emails to abuse@mtroyal.ca.

 

Fake benefits enrollment email arriving in MRU inboxes – 06/28/19

 

 

The following email is showing up in inboxes around campus.

 

 

This fake email is not from the IT Service Desk.  Normally I would go through and show you all the things that are wrong with this email. However, as many of you have been readers for a while, I thought it would be nice to have some fun with this one.

Take a look at the email and then comment below on what you think flags this email as phishing.  Next Thursday, I will go through the comments and add any that were missed. Let the commenting begin!

 

New email scam impersonates MRFA president – 06/26/19

The following email showed up in MRU inboxes this week.

There are two things that make this email so convincing. First Melanie’s email address is, in fact, correct.  No, her email wasn’t compromised. It was spoofed.   Second, they name a colleague as the person who will reimburse you. A nice touch actually.  With such a convincing email, how the heck are you supposed to know this is a scam? Well, there are a few tells.

First off, the grammar is rather crappy. Not what you would expect from the president of the MRFA. Second, if you try calling Melanie to confirm she sent the email, you get a phone message saying the MRFA office is closed and she isn’t returning messages.  If the office is closed, why would she be sending money to vendors? Third there is a sense of urgency. The email says the money needs to be transferred today. Lastly, she is asking you to take money from your personal account. That is a HUGE red flag. Why on earth would she ask you to take money from your personal account to pay a vendor? Nothing makes sense in this email except the email address and name dropping.

The best way to protect yourself from this type of a scam, is to go slow and question everything. If something doesn’t add up, call the email sender to confirm that they sent the message. If you aren’t sure you can forward the message to abuse@mtroyal.ca and we will take a look at it for you.

That is just what Megan did. Thanks to her quick actions, we were able to track down those who received this message, notify them it was a scam and stop the attack in its tracks. Way to go Megan, you are a superhero!! Be a superhero like Megan, report malicious emails to abuse@mtroyal.ca and help protect your colleagues from scammers and hackers.

For Megans efforts, she will be receiving  a commitment sticker. Want your own sticker? Report an malicious email to abuse@mtroyal.ca or come down to see me on Main Street on August 20th from 10:00 am to 2:00 pm.  Pick up your sticker and spin the prize wheel to win cool swag.

 

 

 

Reply to emails cautiously – 05/22/19

 

 

Since September, the Mount Royal community has been targeted by a gift card scam.  With this scam, criminals send you an email that looks like it comes from your supervisor asking you if you are available. If you respond, they ask you to purchase gift cards and send them photos of the redemption codes. This past weekend another 300 or so Mount Royal inboxes received one of these scam emails.

Fortunately, we had more people reporting them than we had people responding to them. Some of those that did respond sent out personal information such as where they were located, photos and their plans for the weekend. To our knowledge, no one went as far as purchasing gift cards. We are thankful for that.

Realizing that you gave scammers personal information about yourself just feels creepy. It is also dangerous.  The criminals can then take that information and use it as content in malicious emails that are sent to yourself or others. This makes the emails seem legitimate  increasing the likely hood that someone will be tricked.

In addition to being dangerous, conversing with the scammers encourages them to continue targeting Mount Royal. If they get a response to an email, they know it is only a matter of time before they convince someone to follow through and purchase those gift cards. Ignoring their inquiries will not stop the attempts, but it will reduce their frequency.

The best way to defend yourself from giving out personal information to criminals is to check the sender’s email address before you read the body of the email.  That way you have a better idea of who you are talking to before you respond. They may still be a hacker, but the odds are much smaller. Just by taking this small simple step you greatly reduce your chances of sharing information that you wish you hadn’t.

 

 

Job scam landing in MRU inboxes – 05/13/19

 

 

The latest scam to make the rounds is an email that appears to offer the recipient an opportunity to apply for an admin position.  It looks like this:

The email comes from the Vice President of an organization called the Robert Sterling Clark Foundation.  It is a real organization and the sender’s email address appears to be legitimate. Most likely, the sender has had her email account hacked and the scammers are using it to send out these fraudulent emails.  The poor grammar and hotmail email address are clues that something isn’t quite right.

Without responding to the email, it is impossible to know exactly what the scam is. However there are some standards tactics used. In the first one, once you send them your resume  they offer you an interview but charge you a fee of several hundred dollars to participate. No company will ever charge you to be interviewed.

In the second tactic, you are either given an interview through text or email or just offered  the  job outright based on your resume.  Once you accept the position, they send you a cheque. You are then asked to deposit the cheque into your account and then immediately transfer the same amount of money from your account to another.  Of course in a few days their cheque bounces and your bank account is minus those funds.

No legitimate employer will offer you a job without a proper face to face interview. Nor is there a legitimate reason for an employer to send you a cheque and ask you to deposit it in your account only to have you immediately transfer it to another.

To protect yourself from job scams:

  1. Do not pay for an interview or for interview expenses.
  2. Do not accept a position that does not require a face to face interview.
  3. If you are asked to make purchases or transfer funds on your employers behalf, make sure any fund transfers or cheque deposits clear before you do so.
  4. Research perspective employers. Make sure you can reach your contact person through the company’s main contact number or email listed on their website. Check for reports of fraud involving the company.

Remember, if it seems too good to be true, it probably is. Just ask this woman from New Brunswick.

 

 

Another Rahilly phish making the rounds – 05/08/19

The gift card scammers are giving another go at trying to convince employees that our new president Dr. Rahilly is trying to contact them.

 

 

This time they have managed to get his name correct, replacing the much loved Tin with Tim.  They have also changed up the email address going with presidant to make it look more official.  Although if they had spelled it right, it would have been more effective.

This is just another attempt at a gift card scam. If you check the sender’s email address before you read the body of the email, you will be less likely to have emotion override rational thought and reply in haste.  If you are contacted by the “presidant”, just delete the email.

 

Must Read – No we don’t have a secret email service – 04/23/19

A new phishing email is showing up in MRU Inboxes and Spam folders.  It looks like this:

The first question you should ask is why would you receive an email about unread messages? However, if the panic over missing out on 2 messages throws common sense out the window, a glance at the sender’s email address should alert you.  If you miss that clue and click on the REVIEW NOW link in a desperate attempt to avoid missing out, it takes you to this web page:

If you have gotten to this point, there is a good chance you will think that MRU has a secret email service outside of Gmail that you weren’t aware of. As a result, you will have no issues with entering your Mount Royal login credentials to access the mysterious messages. That is exactly what the hackers are hoping you will do. Once you do, Bob is your uncle, and they have control of your Gmail.

Let me assure you that the only email messages you will every receive from Mount Royal University will come through and be received via Gmail. You will never have to login to another email service to receive messages.

If this or a similar emails show up in your Inbox or Spam folder, delete them. If you ever have questions about the legitimacy of  an email that you have received from us, please forward the email to abuse@mtroyal.ca and we will be happy to investigate for you.

What to do with email in your Spam folder – 04/23/19

 

 

At Mount Royal University, we now have lots of diligent users reporting phishing emails to abuse@mtroyal.ca. The IT security team is over the moon with the wonderful responses we are getting. However, we are getting quite a few that people find in their Spam folder.  So I thought I would take a moment to explain how your Spam folder works and what to do with the emails that find their way there.

First off, for those who have no idea what I am talking about, your Spam folder is found in Gmail. Email that Google thinks is malicious or spam is sent there. Often its links and/or attachments are disabled or removed. Google determines if an email is malicious or spam using a variety of criteria. Examples of this criteria include containing known malware or phishing links.

Occasionally newsletters you subscribe to or emails from vendors can end up in the Spam folder by accident. That is why the emails aren’t deleted outright. You have the opportunity to scan through the folder and check and make sure nothing that you actually want to receive has made its way there.

As the Spam folder can fill up pretty quickly with hundreds of emails, I usually recommend that once a week you take a quick scan through your spam and then delete its contents. This prevents you from getting overwhelmed with an overloaded folder.

If you find a phishing email in your Spam folder, Google already knows about it and doesn’t need to be notified. However if you find one that is especially concerning and think the Mount Royal Community should be warned, please forward it to abuse@mtroyal.ca. When you do, let us know that it came from your Spam folder so we know who needs to be notified.

For more information about the Spam folder, how to mark or unmark messages as spam and other spam related questions, check out Gmail Help.

 

Must Read – The impersonators noticed we have a new president – 04/18/19

The Mount Royal impersonators are continuing their gift card scam. However, they have figured out that we have a new president and they have changed tactics accordingly.  The latest phishing emails appear to come from Dr. Tim Rahilly.

This causes concern for two reasons. First, they are obviously monitoring our website for information to put into phishing emails. Second, as Dr. Rahilly has not yet officially begun his term there may be some confusion about his email.

To clarify things, he has had an official Mount Royal email address for quite some time. If you receive an email that appears to come from him, please check the email address to ensure it is correct. If you are unsure, please forward it to abuse@mtroyal.ca and we will check it for you.