Cybersecurity Blog

Must Read – How to print sensitive documents on public printers – 03/07/19

Just don’t. Okay, I admit I am being rather unreasonable. However, if you have any other alternative to printing tax receipts, pay stubs, benefits statements and the like, please use it. We are human beings after all and we get distracted. On a regular basis our techs pick up abandoned print jobs with sensitive information that should not be on public display. Here is the latest one.

With the tax season in full swing, we are seeing a lot of these types of documents left abandoned by their owners.  If you do not have any other means of printing sensitive documents other than using public printers, please take the following precautions:

  1. Check twice to ensure you are sending the print job to the correct printer.
  2. Be standing by the printer as the document is being printed.
  3. If the document does not print, assume you have sent it to the wrong printer and immediately look for it. Do not attempt to print the document again until you are 100% sure it has not been sent to another printer.

Taking these simple, if inconvenient, steps will help prevent miscreants from using your student number, SIN or other personal information for their gain and your misfortune. It will also keep how much you earn from being the latest water cooler gossip.

Must Read – The MRU impersonators are ramping things up – 02/28/19

Phishing emails that appear to come from Mount Royal University supervisors are making their appearance again. This time they are throwing in the whole “I am going into a meeting with limited phone calls, so just reply to my email” nonsense to try and keep you from calling the person directly to verify the legitimacy of the email.

Thankfully they are still using lame sender email addresses, so they are pretty easy to spot if you take the time to look. However, they have started to use a new tactic that is concerning. They have somehow gotten hold of cell phone numbers and are now texting Mount Royal employees asking them to contact the texter immediately as they have a task for them. The messages appear to come from the employee’s supervisor.

How do you protect yourself from social engineering via text message?

  1. Don’t click on links in text messages
  2. Be suspicious of requests that are outside of regular procedures or processes
  3. Don’t give out information that the person you are talking to should already have

A good rule of thumb is, if it doesn’t feel right, it probably isn’t. If you get a strange request from your supervisor, politely let them know you will get right back to them and hang up. Then contact them using an email or phone number that you know is legitimate.

Must Read – Check the email address before responding to an email – 02/06/19

Once again Mount Royal inboxes are receiving emails from scammers impersonating Mount Royal employees.  The email appears to come from a colleague and asks if the recipient is available. If the recipient responds, the scammer then asks for gift cards.

These emails are easy to identify as the email address is not a Mount Royal email address. Thing is, people are in such a rush these days they don’t bother checking it. They see the name of their colleague and respond.

While responding to the scammer is not necessarily risky, it does encourage them. They now know that you don’t check email addresses. Next time they may be a bit more clever and include a malicious link or attachment.

When reading any email, the first place your eyes should go is to the email address. If it doesn’t match the sender’s name, delete the sucker immediately. You don’t even have to read it. It is easy, it saves you time and it will make your IT department very, very happy.
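As an added illustration of the rule in this post (example code, not from the blog or MRU IT Services): a small Python check that applies it to raw From: headers, assuming a hypothetical staff list and constructed sample headers. It flags both the plain name/address mismatch and the variant where an @mtroyal.ca address is placed in the display name while the real address is elsewhere.

```python
import re
from email.utils import parseaddr

ORG_DOMAIN = "mtroyal.ca"  # the institution's domain named in the post

# Constructed staff directory for this example; the names are hypothetical.
KNOWN_STAFF = {"jane doe", "sam supervisor"}


def normalise_name(display_name: str) -> str:
    """Lower-case and reorder 'Last, First' so it compares equal to 'First Last'."""
    name = display_name.strip().strip('"').lower()
    if "," in name:
        last, first = name.split(",", 1)
        name = f"{first.strip()} {last.strip()}"
    return re.sub(r"\s+", " ", name)


def classify_sender(from_header: str) -> str:
    """Classify a raw From: value as 'internal', 'impersonation' or 'external'.

    'impersonation' is the case the post describes: the display name looks like
    a colleague while the actual address is outside the organisation.
    """
    display, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN):
        return "internal"
    if "@" + ORG_DOMAIN in display.lower():
        return "impersonation"  # org address smuggled into the display name
    if normalise_name(display) in KNOWN_STAFF:
        return "impersonation"  # colleague's name on an outside address
    return "external"


def scan(from_headers):
    """Return the headers that should be deleted unread, per the post's rule."""
    return [h for h in from_headers if classify_sender(h) == "impersonation"]


# Constructed sample headers, not taken from real messages.
SAMPLE_HEADERS = [
    "Jane Doe <jane.doe@mtroyal.ca>",
    '"Doe, Jane" <jane.doe.mru@webmail.example>',
    '"sam.supervisor@mtroyal.ca" <reply-now@webmail.example>',
    "Vendor Newsletter <news@vendor.example>",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(f"{classify_sender(header):14} {header}")
```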

Must Read – Hard to detect MailChimp phish hits MRU – 01/15/19

The latest phishing attack to hit inboxes on campus is absolutely diabolical. It looks 100% legitimate and contains legitimate-looking links. In addition, the technique the clever criminals are using bypasses our protective measures, preventing us from keeping it out of inboxes. If we block it, we block all MailChimp emails.

Let’s take a closer look at this bad boy.

Pretty impressive, isn’t it? What is even more impressive is that hovering over the links displays Mandrill.com, which is MailChimp’s legitimate tool for tracking clicks, dealing with payments, account settings, etc. However, if you click the link you get sent to:

While us14-mailchimp kinda looks legit, it is the wrong URL for MailChimp. However, the page looks like a MailChimp login page. We didn’t follow along further to see what happens after you enter your username and password. However, we are pretty sure the next page would be asking for credit card information. The crooks are pretty darn smart. If you log in and then get wise and don’t enter your credit card information, they still get access to your MailChimp account, which they can use to send out more phishing emails to other unsuspecting users. It’s brilliantly done.

As smart as the hackers are, Mount Royal employees are smarter. This email was forwarded to abuse@mtroyal.ca by one of our own.  That’s right, one of our own employees tagged this bit of nastiness.  I couldn’t be prouder! They didn’t recall having a paid MailChimp account and recognized that the sent email address was off.

So how do you protect yourself from an attack this well executed? Do what your colleague did: don’t click the links in the email. If you have a MailChimp account, log in to it directly using a bookmark or search result. If there is a problem with your account, the information will be available there. If everything turns out to be in order, you know the email is a phish. Forward it in its entirety to abuse@mtroyal.ca and your work as a cyber security superhero is done!

Must Read – They’re back and this time they’re impersonating David Docherty – 12/12/18

The MRU impersonators are at it again.  Apparently they didn’t get bites just pretending to be a supervisor so they have upped their game.  Their third attempt uses an email that appears to come from Dr. Docherty himself.

As with the other attempts, if you respond to this email you are asked to purchase gift cards. This is just another reminder to check the sender’s email address when you find yourself responding emotionally to an email.

How we get notified of an account breach – 11/23/18

Not every hacker makes their money by breaking into accounts and stealing funds or ransoming your data. Some hackers are content to simply break into servers and steal usernames, passwords and other personal information that they then sell on the dark web. It is quite a niche business.

To combat this evil, an enterprising fellow named Troy Hunt created a tool that scans the dark web looking for stolen data that is for sale. You can access this information for free at Have I Been Pwned. Simply visit the website and enter your email address. It will tell you if any of your accounts using that email have been breached.

This gives you the opportunity to change your password and username or delete the account. This is an easy process if you don’t reuse passwords. It is a huge headache if you do. What’s even cooler, you can subscribe to an alert service so they will automatically notify you when there is a new account breach. This is so awesome, Mount Royal even subscribes.

We get notified when anyone with an @mtroyal.ca email is involved in a breach.  We also get told which account was breached.  We are aware that password reuse still happens. By being notified of breaches we can make sure our users change their passwords so hackers cannot use their accounts to gain access to the network.

So if you are using your @mtroyal.ca account to sign up for the adult furry website High Tail Hall, we will know about it. To make matters worse, we have to contact you to let you know about the breach.  It gets awkward for everyone.

This is a friendly reminder, only use your @mtroyal.ca email account for business. IT Services thanks you.

Must Read – You are our first line of defense – 11/15/18

As part of our phishing training program, I visit repeat clickers and analyze their business processes to determine why they are having difficulty identifying phishing emails. An interesting trend is appearing.  Time after time, I hear people say that they thought IT Services had tools that filtered out all malware so anything that reached their inbox was safe to click.

I am going to set the record straight. There is no anti-virus, anti-malware or other type of software or technology that can identify all malware or malicious links. While IT Services has wonderful tools that help them stop most attacks, they cannot stop everything. Every organization is vulnerable to new strains of malware and hundreds of new strains are developed every day.  Whether at work or at home, you cannot rely on anti-virus/anti-malware to protect you 100% of the time.

You are our first line of defense. If you avoid clicking or opening something that you shouldn’t, the odds of being victimized decrease exponentially. Simply by pausing when you are triggered emotionally by an email or when an email contains a link or attachment, you can reduce your chances of a cyber attack by 75%. We can’t do it alone, we need your help. Join us in the fight against cyber crime: stop and think before you click.

Must Read – Phishing emails are targeting educational organizations – 10/26/18

A new type of phishing email is making the rounds. This one targets the employees of a specific educational institution and appears to come from the president. It includes the right signature line and logo to reinforce the deception. Subject lines of the emails include:

  • Codes of conduct
  • Ethical standards
  • Proper workplace behavior
  • Rules governing conflicts of interest

The emails tend to announce new policies around employee conduct or discuss the renewed focus on ethical professional behavior. They look something like this:

They include an attachment that, when opened, takes the employee to a web page that looks like a legitimate login page. What makes this one truly diabolical is that once the login credentials are entered, the employee is taken to a legitimate website so they think nothing is amiss.

This is a great time to remind everyone to confirm the legitimacy of emails containing links or attachments that they are not expecting. As criminals can now make it look like an email is coming from someone you know, right down to the correct email address, there is no way to tell if an email is a phish or not unless you contact the person who appears to have sent it.

Must Read – Changes to Google Team Drive permissions – 10/11/18

This week Google rolled out the first of two changes to the Google Team Drive permissions.  The names have been changed.  The new names and their permissions are:

  • Manager = full access
  • Contributor = edit access
  • Commenter = comment access
  • Viewer = view access

Please check your Team Drive members list and ensure that the new permissions are correct.  After the name change, I found members who previously had only edit access were  given Manager or full access to the drive.

This week’s contest entry code for the Cyber Security Challenge is w2snl4tr.

Must Read – Scammers pretending to be Mount Royal employees – 09/27/18

It has been a busy week. There are two phishing emails going around campus at the moment.  The first one starts out rather innocently.

However, if you respond to it, like half a dozen people did, you receive a second one.

You are probably wondering why anyone would respond to the first email. First of all, the email was from a department head, so that tends to get people’s attention and generate an emotional response. Also, almost all who responded were looking at the email message on their phone. They were unable to clearly see the sender’s email address or the grammar errors. This is just another reminder as to why it is so important to wait until you get to a large screen to take action on an email. It is also a reminder not to respond to our emotions. If you read an email and are responding emotionally to it, that is your cue to pause for a minute and take a closer look.

Impersonator number two is a bit sneakier. Check out this bad boy.

I just love how they added the signature line to this one.  They must have received an email from Mount Royal at some point.  This is the stuff that keeps me up at night.  The grammar is perfect.  The content is plausible and looks legitimate.  The fuzzy logo is a bit of a tell, but other than that it’s not an easy one to spot.

That was the bad news. Now for the good news. In both cases IT Services was notified of the threat by Mount Royal University employees who forwarded the email to abuse@mtroyal.ca. Their quick thinking gave us a heads up right away so we could block both email addresses and prevent further attacks. They are superheroes!!

Keep an eye out for these types of emails in the future. If you find one, forward it in its entirety (no screenshots please) to abuse@mtroyal.ca and you can be a superhero too!!