This week the campus community is finding a particularly clever phishing email in their spam folders. It looks like this:
This is the third time our illustrious leader has been impersonated. Although this email is mostly landing in spam folders, I thought I should bring it to your attention in case it sneaks into an inbox or two.
Your on-the-ball colleague caught this one because they checked the sender’s email address. This is a gentle reminder to follow their lead. With all emails that ask you to take some sort of action, whether it is opening an attachment, clicking on a link or providing information, always check the sending email address BEFORE you read the email. If the email address is wrong, it is less likely your emotions will be triggered and rational thought will be bypassed.
If this darling arrives in your spam folder or inbox, it can safely be deleted.
Classes have begun and the hackers are betting that employees across campus will be ordering supplies. They have begun sending out fake order confirmations from Staples. These emails are extremely well done. Take a look.
I especially like the note at the bottom that specifically asks you to reply to the email. Just in case you are suspicious, they have given you some lovely directions that will put you in touch with them. Very clever.
The only real tell, unless you are super familiar with the email that Staples uses for order confirmations, is the URL behind the View here button, which takes you to chainetwork.club. Definitely not Staples.
As with all other emails that come from organizations that you are familiar with, visit their website directly to check orders, confirmations and payments. Do not use links in emails even if they look as legitimate as this one.
It’s that time of the year again. Time for the old cybersecurity training to go down and the new one to go up. If you haven’t completed Basic IT Security Awareness 2019, you still have a couple more days to finish it up. Tomorrow evening it will be disabled and the grades will be archived. Sunday, September 1 the new course Cybersecurity Awareness Training 2020 will go live. This new course has great new videos and some updated content.
You have until June 30, 2020 to complete the new training course. At that time the course will be taken down. Please put this date into your calendar.
If you take PCI training, you do not have to complete this new course. Your PCI training contains the same cybersecurity information as this one does.
I hope you enjoy the new training course. If you have any questions, comments or concerns please contact me at email@example.com
This week a rather irritating phone campaign has hit the campus. Phone solicitors are calling employees and asking them to confirm their role. If the employee does, the caller asks if they can send them some email. This particular campaign is more annoying than malicious. However, it provides a great opportunity to review phone safety.
With people becoming more tech savvy and cybersafety aware, it is becoming harder for criminals to score with a simple phishing email. To increase the odds that their potential victims will be tricked, they are turning more and more to pretexting. The phone is fast becoming their favorite tool.
Typically a target receives a phone call with the scammer pretending to be someone who is trusted or has a right to the information they are asking for. They will often ask questions that seem innocent enough. However, they are gathering information about you and the University that they can use against you later. Armed with enough information, they can create a phishing email that is almost impossible to identify as malicious.
If you receive a phone call from someone who is asking for information they should already have or that they shouldn’t know, politely ask them for the name of their organization and then tell them you will contact them later. You can then hang up and call that organization directly using a number that you have either used before or that comes from the organization’s official website. If you cannot reach the individual through the organization’s switchboard, then you know that it is a scam.
The latest phishing email to hit MRU inboxes is a classic. Check it out.
A big thank you to everyone who reported this phish by forwarding it to firstname.lastname@example.org. You are all superheroes! Should this bad boy arrive in your inbox, you can delete it as we are aware of it. However, if something new shows up please do what your colleagues have done and forward it to email@example.com. You too can be a superhero!
Communicating with everyone on campus is challenging. A lot of work goes into what information should be included, making sure the email is as succinct as possible and making it easy for the readers to act on your request. Unfortunately, we often have these emails reported as phishing emails or they are deleted by readers.
So how do you create an email that makes it easy for the reader to act without making them think you are trying to steal their data? It is a delicate balancing act. Fortunately, there are some guidelines you can follow.
First, make sure that people can verify the legitimacy of the email by including the name of a contact person at Mount Royal who can be found in the directory. That way, if someone is not sure about an email, they can just call the contact person and confirm that the email is legitimate. This is especially important if the email is coming from a third party.
Second, if you are using a tool to track who clicks on what in the email, make sure the URL that appears when you hover over the links looks like a Mount Royal URL. If you are not sure, contact the IT Service Desk and ask them for help. We can work with your tool vendor to make sure your links look legitimate.
Third, avoid including links if you can. Instead of using links, type out the Mount Royal URL or tell readers where on mtroyal.ca they can find the information. Stay away from URLs that look vague, are excessively long or do not send readers to a G Suite or mtroyal.ca webpage. Even better, include the relevant information in the email itself.
Fourth, do not use your personal email address for Mount Royal correspondence. Anything not coming from an official Mount Royal email address will be considered suspicious.
Next, if you are using a tool to send the email make sure that the sender’s email address appears as a legitimate Mount Royal address. If your tool does not allow you to do that, contact the IT Service Desk. We can work with most vendors to fix that.
Lastly, avoid including other phishing red flags in your email such as generic salutations, a sense of urgency, triggering emotions and asking people to do something against established procedures.
By following these simple guidelines you will greatly decrease the chances readers will report or trash your email instead of acting on it. If you are planning on sending out a campus wide email and you aren’t sure if it will get flagged as malicious or not, please contact the IT Service Desk and ask for help. We would be happy to preview the email and let you know if anything needs to be changed.
In September last year, the first of several targeted email scams arrived in Mount Royal inboxes. Since that time we have seen a plethora of these scams spread across campus. Up to now they have all been emails from a supervisor asking a report to do a favor for them.
However, we must have ended up on some “the Best People to Scam” list as this week the scams have gotten very creative. First up is a dude in Indonesia contacting Wellness Services to help him sell a helicopter (I actually think this might be legit). Second up is an email to the MRFA insisting a charge from their store has appeared on a bank statement (definitely not legit). Check out the pics!!
As entertaining as these emails are, that is not the reason why I am sharing them with you (well maybe a little bit). I am sharing them to give you a heads up that MRU is being actively targeted and we all need to be on our toes. If you receive any email that is out of the ordinary, please take a closer look at it. If you aren’t sure if it is malicious, forward it to firstname.lastname@example.org like your colleagues did and we can take a look. Everyone who reports an email gets a cool sticker. Be a superhero and report those malicious emails!
The newest round of MRU impersonators are upping their game. They are now spoofing legitimate email addresses. To do this, they accessed the source code of the email and changed its header information. As a result, the displayed sender email address and sender’s name match and are correct. However, any replies to the email are sent to a different email address altogether. Take a look.
Not only did they spoof the email address, but they also included the employee’s email signature. This makes it very hard to determine if the email is legitimate or not.
How do you protect yourself against this type of cyberattack? Easy, do what your colleagues did. Call the person who sent the unexpected email to verify that they actually sent it. By making that call, you not only protect yourself but also the person being impersonated. Without it they have no way of knowing their email account may have been compromised.
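The three tells that keep coming up in these posts can be checked mechanically before anyone picks up the phone: a colleague’s display name sitting on an address that is not theirs (the impersonation emails), a Reply-To header that differs from From (the spoofed header described in this post), and a link whose host lies outside the sender’s domain (what hovering over the Staples View here button revealed). The checker below is an added example written for this page, not code from the original blog or from the IT Service Desk. The directory entry, the addresses and the three sample messages are constructed; only mtroyal.ca and chainetwork.club come from the posts.

```python
"""Heuristic checks for the phishing tells described in the posts (added example,
not code from the original blog). Parses one raw email and reports findings."""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed stand-in for the campus directory: lower-cased display name -> official address.
DIRECTORY = {
    "melanie example": "mexample@mtroyal.ca",
}


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _domain(addr):
    """Domain part of an address, lower-cased ('' if there is no @)."""
    return addr.rpartition("@")[2].lower()


def _in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return bool(domain) and (host == domain or host.endswith("." + domain))


def phishing_indicators(raw):
    """Return a list of human-readable findings for one raw RFC 5322 message (bytes)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []

    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_addr = from_addr.lower()
    sender_domain = _domain(from_addr)

    # 1. A known colleague's name on an address that is not theirs.
    expected = DIRECTORY.get(from_name.strip().lower())
    if expected and expected.lower() != from_addr:
        findings.append(f"display name '{from_name}' but address {from_addr} (directory says {expected})")

    # 2. Replies would go somewhere other than the displayed sender.
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    if reply_addr and reply_addr.lower() != from_addr:
        findings.append(f"Reply-To {reply_addr} differs from From {from_addr}")

    # 3. Links that leave the sender's domain (what a hover would reveal).
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        collector = _LinkCollector()
        collector.feed(html_part.get_content())
        for href, text in collector.links:
            host = (urlparse(href).hostname or "").lower()
            if host and not _in_domain(host, sender_domain):
                findings.append(f"link '{text}' goes to {host}, outside {sender_domain}")
    return findings


# Constructed sample messages; no real mail was used.
SPOOFED_REPLY_TO = b"""\
From: Melanie Example <mexample@mtroyal.ca>
Reply-To: melanie.example@mail-relay.invalid
To: staff@mtroyal.ca
Subject: Quick favour
Content-Type: text/plain; charset="utf-8"

Are you at your desk? I need a vendor paid today.
"""

FAKE_ORDER = b"""\
From: Staples Orders <orders@staples.example>
To: staff@mtroyal.ca
Subject: Your order confirmation
Content-Type: text/html; charset="utf-8"

<html><body><p>Your order is ready.</p>
<a href="https://chainetwork.club/view">View here</a>
<a href="https://www.staples.example/account">Manage account</a>
</body></html>
"""

NAME_ONLY_IMPERSONATION = b"""\
From: Melanie Example <melanie.example@freemail.example>
To: staff@mtroyal.ca
Subject: Are you available?

Can you do me a favour?
"""

if __name__ == "__main__":
    for label, raw in [("spoofed reply-to", SPOOFED_REPLY_TO), ("fake order", FAKE_ORDER),
                       ("impersonation", NAME_ONLY_IMPERSONATION)]:
        print(label, "->", phishing_indicators(raw) or ["no indicators"])
```

Run it as a script to see one finding per sample. A message with no findings is not proof of legitimacy; the checker only surfaces the mismatches a careful reader would spot by hand, so the phone call to the named sender still applies to any unexpected request.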
To all of you who forwarded the email to email@example.com, thank you!! You are superheroes! Don’t miss your chance to be a superhero, forward malicious emails to firstname.lastname@example.org.
The following email is showing up in inboxes around campus.
This fake email is not from the IT Service Desk. Normally I would go through and show you all the things that are wrong with this email. However, as many of you have been readers for a while, I thought it would be nice to have some fun with this one.
Take a look at the email and then comment below on what you think flags this email as phishing. Next Thursday, I will go through the comments and add any that were missed. Let the commenting begin!
The following email showed up in MRU inboxes this week.
There are two things that make this email so convincing. First Melanie’s email address is, in fact, correct. No, her email wasn’t compromised. It was spoofed. Second, they name a colleague as the person who will reimburse you. A nice touch actually. With such a convincing email, how the heck are you supposed to know this is a scam? Well, there are a few tells.
First off, the grammar is rather crappy. Not what you would expect from the president of the MRFA. Second, if you try calling Melanie to confirm she sent the email, you get a phone message saying the MRFA office is closed and she isn’t returning messages. If the office is closed, why would she be sending money to vendors? Third, there is a sense of urgency. The email says the money needs to be transferred today. Lastly, she is asking you to take money from your personal account. That is a HUGE red flag. Why on earth would she ask you to take money from your personal account to pay a vendor? Nothing makes sense in this email except the email address and name dropping.
The best way to protect yourself from this type of scam is to go slow and question everything. If something doesn’t add up, call the email sender to confirm that they sent the message. If you aren’t sure, you can forward the message to email@example.com and we will take a look at it for you.
That is just what Megan did. Thanks to her quick actions, we were able to track down those who received this message, notify them it was a scam and stop the attack in its tracks. Way to go Megan, you are a superhero!! Be a superhero like Megan, report malicious emails to firstname.lastname@example.org and help protect your colleagues from scammers and hackers.
For Megan’s efforts, she will be receiving a commitment sticker. Want your own sticker? Report a malicious email to email@example.com or come down to see me on Main Street on August 20th from 10:00 am to 2:00 pm. Pick up your sticker and spin the prize wheel to win cool swag.