Cybersecurity Blog

Fake email from Tim Rahilly arriving in spam folders – 09/18/19

 

This week the campus community is finding a particularly clever phishing email in their spam folders. It looks like this:

 

 

This is the third time our illustrious leader has been impersonated. Although this email is mostly  landing in spam folders, I thought I should bring it to your attention in case it sneaks into an inbox or two.

Your on-the-ball colleague caught this one because they checked the sender’s email address. This is a gentle reminder to follow their lead.  With all emails that ask you to take some sort of action, whether it is opening an attachment, clicking on a link or providing information, always check the sending email address BEFORE you read the email. If the email address is wrong, it is less likely your emotions will be triggered and rational thought will be by passed.

If this darling arrives in your spam folder or inbox, it can safely be deleted.

 

Clever Staples phishing email showing up in MRU inboxes – 09/05/19

Classes have begun and the hackers are betting that employees across campus will be ordering supplies. They have begun sending out fake order confirmations from Staples.  These emails are extremely well done.  Take a look.

 

 

I especially like the note at the bottom that specifically asks you to reply to the email.  Just in case you are suspicious, they have given you some lovely directions that will put you in touch with them.  Very clever.

The only real tell, unless you are super familiar with the email that Staples uses for order confirmations, is the View here button URL that takes you to chainetwork.club. Definitely not Staples.

As with all other emails that come from organizations that you are familiar with, visit their website directly to check orders, confirmations and payments. Do not use links in emails even if they look as legitimate as this one.

 

Phishing email appearing to come from Mailchimp targeting MRU – 08/14/19

 

A rather clever phishing email is showing up in inboxes around campus. Take a look.

 

 

This one is so very clever as the links on the bottom are legitimate. They take you to Mailchimp’s contact info, terms of use and privacy policy. Where things get interesting is if you click on the other links. They all take you to a Google site masquerading as a Mailchimp login page.  A lot of work went into this one.  It is so close to the real thing that only the sender’s email address and hovering over all the links gives you any clue there is something amiss.  The email itself is perfect.

This is quite admirable really, if you forget that they are trying to steal your Mailchimp credentials  and your information that Mailchimp has on file.  When the emails are this good it is hard know whether they are legitimate or not. The best way to deal with them is to visit the organization’s website using a bookmark or search result and check your account information that way.

Kudos to the employee who identified this bad boy and forwarded it to abuse@mtroyal.ca.   If you find a nasty like this sitting in your inbox, do what your colleague did and forward it to us. We will send you a super cool sticker and give you the title of cybersecurity superhero in return.

 

 

Iranian hacker group using LinkedIn to deliver malware – 08/06/19

 

 

FireEye has identified a new phishing campaign targeting oil, gas and energy companies as well as utilities and government organizations. The rather clever criminal contacts victims through LinkedIn claiming to be a researcher at the University of Cambridge. Once contact is made, the victim is offered a job and asked to provide a resume.  As part of the application process, they are also asked to go to cam-research-ac.com to download and fill out a document. Of course once they do, malware is loaded onto their computer.

What makes this campaign so concerning is the assumed legitimacy that comes with using LinkedIn to communicate with potential victims. People tend to trust the platform and therefore trust those that use it to communicate. Unfortunately, this trust is misplaced.

When you are contacted by someone you don’t know on any social media platform, treat that communication with the same skepticism as you do with any email message. Just because they say they are from a trusted organization, does not mean they are.  Before you engage in conversation, call their organization and confirm that they are in fact employed there.  A little homework can save a lot of headache.

 

Watch out for fake Equifax settlement emails – 08/01/19

 

 

 

Cybercriminals are sending out fake Equifax settlement emails. These emails are promising free credit monitoring and/or compensation. To make matters worse, they are spoofing the real Equifax settlement page. So if you click on the link in the email, you are sent to a very convincing web page encouraging you to file a claim. Of course, if you fill in their form with all of your personal information you are just sending your data to the criminals.

If you need to file a claim, do so by visiting the FTC website. You can find information there about the data breach and the settlement as well as a legitimate link to the Equifax site.  Do not click on any links in any email that appears to come from Equifax. Visit their site directly using a browser search result or a bookmark. Everything that you need to know you should be able to find there. If not, there will be legitimate contact information you can safely use.

 

No, your password is not going to expire – 08/01/19

The latest phishing email to hit MRU inboxes is a classic. Check it out.

A big thank you to everyone who reported this phish by forwarding it to abuse@mtroyal.ca. You are all superheros! Should this bad boy arrive in your inbox, you can delete it as we are aware of it.  However, if something new shows up please do what your colleagues have done and forward it to abuse@mtroyal.ca. You too can be a superhero!

 

How to create emails that don’t look malicious – 07/26/19

 

 

Communicating with everyone on campus is challenging. A lot of work goes into what information should be included, making sure the email is as succinct as possible and making it easy for the readers to act on your request. Unfortunately, we often have these emails reported as phishing emails or they are deleted by readers.

So how do you create an email that makes it easy for the reader to act without making them think you are trying to steal their data? It is a delicate balancing act. Fortunately, there are some guidelines you can follow.

First, make sure that people can verify the legitimacy of the email, by including the name of a contact person at Mount Royal that can be found in the directory. That way if someone is not sure about an email, they can just call the contact person and confirm that the email is legitimate. This is especially important if the email is coming from a third party.

Second, if you are using a tool to track who clicks on what in the email, make sure the URL that appears when you hover over the links looks like a Mount Royal URL.  If you are not sure, contact the IT Service Desk and ask them for help. We can work with your tool vendor to make sure your links look legitimate.

Third, avoid including links if you can. Instead of using links, type out the Mount Royal URL or tell them where on mtroyal.ca they can find the information.  Stay away from URLs that look vague, are excessively long or do not send readers to a G suite or mtroyal.ca webpage.  Even better, include the relevant information in the email itself.

Fourth, do not use your personal email address for Mount Royal correspondence. Anything not coming from an official Mount Royal email address will be considered suspicious.

Next, if you are using a tool to send the email make sure that the sender’s email address appears as a legitimate Mount Royal address. If your tool does not allow you to do that, contact the IT Service Desk. We can work with most vendors to fix that.

Lastly, avoid including other phishing red flags in your email such as generic salutations, a sense of urgency, triggering emotions and asking people to do something against established procedures.

By following these simple guidelines you will greatly decrease the chances readers will report or trash your email instead of acting on it. If you are planning on sending out a campus wide email and you aren’t sure if it will get flagged as malicious or not, please contact the IT Service Desk and ask for help. We would be happy to preview the email and let you know if anything needs to be changed.

Happy emailing!!

 

 

Scammers targeting MRU are getting very creative – 07/17/19

In September last year, the first of several targeted email scams arrived in Mount Royal inboxes. Since that time we have see a plethora of these scams spread across campus.  Up to now that have all  been emails from a supervisor asking a report to do a favor for them.

However, we must have ended up on some “the Best People to Scam” list as this week the scams have gotten very creative. First up is a dude in Indonesia contacting Wellness Services to help him sell a helicopter (I actually think this might be legit).  Second up is  an email to the MRFA insisting a charge from their store has appeared on a bank statement (definitely not legit).  Check out the pics!!

 

As entertaining as these emails are, that is not the reason why I am sharing them with you (well maybe a little bit). I am sharing them to give you a heads ups that MRU is being actively targeted and we all need to be on our toes. If you receive any email that is out of the ordinary, please take a closer look at it. If you aren’t sure if it is malicious, forward it to abuse@mtroyal.ca like your colleagues did and we can take a look. Everyone who reports an email gets a cool sticker. Be a superhero and report those malicious emails!

 

Fake benefits enrollment email arriving in MRU inboxes – 06/28/19

 

 

The following email is showing up in inboxes around campus.

 

 

This fake email is not from the IT Service Desk.  Normally I would go through and show you all the things that are wrong with this email. However, as many of you have been readers for a while, I thought it would be nice to have some fun with this one.

Take a look at the email and then comment below on what you think flags this email as phishing.  Next Thursday, I will go through the comments and add any that were missed. Let the commenting begin!

 

Is it spam or is it phishing? 05/23/19

 

 

I am truly delighted with the number of malicious emails that are being forwarded to abuse@mtroyal.ca.  The Mount Royal community is doing a great job of letting us know what to look for and helping us defend their data. There is one question that people keep asking though, what is the difference between Spam and a phishing email? I thought I would take a moment to clarify.

Spam email
  • Goal is to sell you something.
  • It is sent to hundreds or thousands of people at a time.
  • Reading the email does not generate an emotional response.
  • It may or may not contain links
  • Clicking on the links will take you to the organizations website.
Phishing email
  • Goal is to steal your data or use your workstation as a tool to access data on other people’s devices.
  • It can be sent to thousands of people or just one or two.
  • Reading the email generates an emotional response.
  • It may or may not contain links and or attachments.
  • Clicking on the link or opening an attachment takes you to a fake web page and/or loads malware onto your device.

The easiest way to determine if what you are dealing with is spam or phishing is by examining the purpose of the email. If it looks like they are trying to sell you something, then it is probably spam. If it looks like they are trying to confuse or trick you, then it is likely phishing.

Spam emails should be marked as spam by clicking the stop sign icon in the Gmail menu bar. Phishing emails should be forwarded to abuse@mtroyal.ca. If you aren’t sure which one it is, forward it to abuse@mtroyal.ca and we can let you know.