IT Security Newsletter

Must Read – MRU impersonators are back – 11/16/18

They’re baaack!

A few weeks back I warned the Mount Royal community that emails were making the rounds that appeared to be from Mount Royal employees. Typically the impersonated employees were supervisors of some sort, and the emails were sent to their direct reports. The criminals were taking advantage of our natural tendency to pay attention and take action when we are contacted by our supervisor.

Unfortunately the scam is back. Thankfully abuse@mtroyal.ca has been flooded with reports and no one has yet taken the bait. However, just to be on the safe side, I thought I would give everyone a friendly reminder to check the sender’s email address (the actual address, not just the display name) before responding to an email.

Look for these phishing emails showing up in MRU inboxes – 11/08/18

There are two phishing emails making the rounds through the Mount Royal community. The first is a notification that we are migrating to “Staff Outlook 2018”. Of course, no such thing is happening. The second appears to be from payroll.

The majority of you will look at the addressing information for both of these emails and immediately recognize they are fake. However, there is a small number of you who neglect to check the addressing information of an email before you decide to click. Out of that group, there is an even smaller number of you who process emails while distracted: you quickly scan the email, fail to notice the grammatical errors, but pick up on its urgency and click in a panic. It is that small group that I am hoping will read this article and realize:

  1. Checking the sender’s email address will save you time. If the email address is wrong, you don’t even have to read the email; you can just forward it to abuse@mtroyal.ca or delete it.
  2. If you have an emotional reaction to an email, there is a good chance you are being baited into clicking on something you shouldn’t. Stop what you are doing and take a closer look at the email.
  3. It takes a lot more of your time to have your machine re-imaged than it does to slow down and look carefully at emails with links or attachments.

All it takes is one click and a whole day is lost re-imaging your machine, apologizing to colleagues, apologizing to students and feeling like an idiot. All it takes is one click and the whole network can be shut down. Join the rest of us who slow down, check the sender’s email address and giggle “Nice try”.

Must Read – Phishing emails are targeting educational organizations – 10/26/18

A new type of phishing email is making the rounds. This one targets the employees of a specific educational institution and appears to come from the president. It includes the right signature line and logo to reinforce the deception. Subject lines of the emails include:

  • Codes of conduct
  • Ethical standards
  • Proper workplace behavior
  • Rules governing conflicts of interest

The emails tend to announce new policies around employee conduct or discuss a renewed focus on ethical professional behavior.

They include an attachment that, when opened, takes the employee to a web page that looks like a legitimate login page. What makes this one truly diabolical is that once the login credentials are entered, the employee is redirected to a legitimate website, so they think nothing is amiss.

This is a great time to remind everyone to confirm the legitimacy of emails containing links or attachments that they are not expecting. Criminals can now make it look like an email is coming from someone you know, right down to the correct email address, so there is no way to tell from the message itself whether it is a phish. Unless you confirm with the apparent sender through a channel you already trust (a phone call or a fresh email to their known address, not a reply), treat the message as suspect.

Scammers sending emails that look like they came from your account – 10/24/18

There is a new twist on the “you have been naughty” scam. Criminals are sending emails that once again claim they have evidence that you have been visiting porn sites and, if you don’t pay them, they will make that information public.

The newest form of the scam claims that they have installed a RAT (remote access Trojan) on your computer that allows them to send the evidence from your device. To drive home the point, the email looks like it has come from your own email account.

The good news is, it is all a big bluff. They don’t have access to your email; they are only spoofing the sender address, which is easy to do because nothing in the basic email protocol verifies who a message claims to be from. Your account is secure, your reputation is intact and you can peacefully delete the email (or forward it to abuse@mtroyal.ca).
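How a receiving mail server tells a spoofed “from yourself” message apart from a real one, as an added example that is not part of this newsletter: it reads the Authentication-Results header that the receiving server stamps on every message (the SPF, DKIM and DMARC verdicts) and compares it with the From: address. The domain example.edu, the server name mx.example.edu and both sample messages are constructed for the demo; only the header names and verdict keywords are real. The check generalizes beyond the “from your own account” case: any message whose From: claims our domain but fails authentication is forged.

```python
import email
import re
from email.utils import parseaddr

# Identifier of OUR receiving mail server.  Only the Authentication-Results
# header stamped by it can be trusted; a sender can add a fake one of their
# own further down.  (Constructed name for the demo.)
AUTHSERV_ID = "mx.example.edu"
OUR_DOMAIN = "example.edu"

# Constructed sample: the "you have been naughty" email with From: forged to
# the victim's own address.  The server it really came from fails SPF, carries
# no DKIM signature, and therefore fails DMARC.
SPOOFED_RAW = """\
Authentication-Results: mx.example.edu; spf=fail smtp.mailfrom=bounce.attacker.example; dkim=none; dmarc=fail header.from=example.edu
Received: from unknown (HELO mail.attacker.example) ([203.0.113.7])
From: victim@example.edu
To: victim@example.edu
Subject: I have a video of you

I installed a RAT on your computer and I have the evidence...
"""

# Constructed sample: a message the user really did send to themselves.
GENUINE_RAW = """\
Authentication-Results: mx.example.edu; spf=pass smtp.mailfrom=example.edu; dkim=pass header.d=example.edu; dmarc=pass header.from=example.edu
From: victim@example.edu
To: victim@example.edu
Subject: note to self

Pick up milk.
"""

def auth_results(raw):
    """Parse the SPF/DKIM/DMARC verdicts from the Authentication-Results header
    stamped by our own server.  Returns e.g. {'spf': 'fail', 'dkim': 'none',
    'dmarc': 'fail'}; a missing or foreign header counts as 'missing'."""
    msg = email.message_from_string(raw)
    verdicts = {m: "missing" for m in ("spf", "dkim", "dmarc")}
    # Headers come back in order; the topmost one stamped by us is what counts.
    for header in msg.get_all("Authentication-Results", []):
        if not header.strip().startswith(AUTHSERV_ID + ";"):
            continue  # not ours, could have been supplied by the sender
        for method in verdicts:
            m = re.search(r"\b%s=([a-z]+)" % method, header, re.IGNORECASE)
            if m:
                verdicts[method] = m.group(1).lower()
        break
    return verdicts

def is_forged_internal(raw):
    """True when the message claims to come from our domain (the victim's own
    address in the sextortion case) but our server could not authenticate it.
    DMARC 'pass' means SPF or DKIM aligned with the From: domain; anything
    else leaves the From: address unverified."""
    msg = email.message_from_string(raw)
    _, from_addr = parseaddr(msg.get("From", ""))
    if not from_addr.lower().endswith("@" + OUR_DOMAIN):
        return False  # ordinary external sender, not the case this post describes
    return auth_results(raw)["dmarc"] != "pass"

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_RAW), ("genuine", GENUINE_RAW)):
        print(label, auth_results(raw), "FORGED" if is_forged_internal(raw) else "ok")
```

Most webmail clients show these headers under “show original” or “view source”, so you can do this check by eye too: a message from your own address that says spf=fail or dmarc=fail was never sent by your account.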

Hurricane Florence Relief Scams – 09/27/18

It is a sad reality, but when there is a disaster it doesn’t take long for criminals to find a way to profit. Hurricane Florence is no exception. Numerous websites for Hurricane Florence relief have popped up in the last week. All have very professional-looking graphics and legitimate-sounding names. All of them allow you to donate directly from their website. However, many of them are simply collecting money and putting it into their own pockets.

In addition to the “charity” websites, the bad guys are sending out phishing emails tugging at your heartstrings and asking you to donate to Hurricane Florence relief. Just as you would with any other unsolicited email, don’t click on links or open attachments in these emails. If you wish to donate, visit a charity’s website directly.

Not sure where to donate? Make sure you do your homework first. Charity Navigator is a terrific organization which investigates and rates charities. They have hundreds of charities listed on their website. You can see whether a charity is legitimate, how much of the money it raises is given away and how much goes to administrative costs. With a little research you can make sure your good deed doesn’t turn into its own disaster. Happy donating!!

Must Read – Scammers pretending to be Mount Royal employees – 09/27/18

It has been a busy week. There are two phishing emails going around campus at the moment. The first one starts out rather innocently. However, if you respond to it, like half a dozen people did, you receive a second one.

You are probably wondering why anyone would respond to the first email. First of all, the email appeared to come from a department head, so that tends to get people’s attention and generate an emotional response. Also, almost all who responded were looking at the email message on their phone. They were unable to clearly see the sender’s email address or the grammar errors. This is just another reminder of why it is so important to wait until you get to a large screen to take action on an email. It is also a reminder not to respond to our emotions. If you read an email and are responding emotionally to it, that is your cue to pause for a minute and take a closer look.

Impersonator number two is a bit more sneaky. Check out this bad boy.

I just love how they added the signature line to this one. They must have received an email from Mount Royal at some point. This is the stuff that keeps me up at night. The grammar is perfect. The content is plausible and looks legitimate. The fuzzy logo is a bit of a tell, but other than that it’s not an easy one to spot.

That was the bad news. Now for the good news. In both cases IT Services was notified of the threat by Mount Royal University employees who forwarded the email to abuse@mtroyal.ca. Their quick thinking gave us a heads-up right away so we could block both sender addresses and prevent further attacks. They are superheroes!!

Keep an eye out for these types of emails in the future. If you find one, forward it in its entirety (no screenshots please; the message headers are what we need) to abuse@mtroyal.ca and you can be a superhero too!!
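The addressing checks this post and the “impersonators are back” post above ask everyone to do by eye, done in code, as an added example that is not part of the newsletter: it parses a message’s From: and Reply-To: headers and flags the three patterns those posts describe (a colleague’s display name on an outside address, an external sender domain, and a Reply-To that diverts replies elsewhere). The domain example.edu, the staff directory, the person “Pat Chair” and all three sample messages are constructed for the demo; at Mount Royal the domain would be mtroyal.ca and the directory would come from the directory service.

```python
from email import message_from_string
from email.utils import parseaddr

# Our own domain.  At Mount Royal this would be mtroyal.ca; example.edu and
# every name and address below are constructed for the demo.
OUR_DOMAIN = "example.edu"

# Hypothetical staff directory: display name -> the one address it should
# arrive from.  A real deployment would look this up in the directory service.
DIRECTORY = {"Pat Chair": "pat.chair@example.edu"}

# Constructed lure 1: a department head's name on a free webmail address.
LURE_WEBMAIL_RAW = """\
From: Pat Chair <pat.chair.office@webmail.example>
To: staff@example.edu
Subject: Are you available?

Are you at your desk? I need a quick favour.
"""

# Constructed lure 2: From: looks internal, but Reply-To quietly sends the
# conversation off campus.
LURE_REPLYTO_RAW = """\
From: Pat Chair <pat.chair@example.edu>
Reply-To: pat.chair.office@othermail.example
To: staff@example.edu
Subject: Urgent request

Reply to this as soon as you can.
"""

# Constructed genuine message for comparison.
GENUINE_RAW = """\
From: Pat Chair <pat.chair@example.edu>
To: staff@example.edu
Subject: Agenda for Thursday

Agenda attached.
"""

def domain_of(addr):
    """'user@Host.Example' -> 'host.example'; '' when there is no @."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def sender_findings(raw, our_domain=OUR_DOMAIN, directory=DIRECTORY):
    """Reasons the addressing of a message looks like impersonation.
    An empty list means display name, address and Reply-To all agree."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    from_domain = domain_of(from_addr)
    findings = []

    # 1. A colleague's display name on an address the directory does not know.
    expected = directory.get(name)
    if expected and expected.lower() != from_addr.lower():
        findings.append("display name %r belongs to %s, not %s" % (name, expected, from_addr))

    # 2. Mail that looks internal but comes from an outside domain.
    if from_domain and from_domain != our_domain:
        findings.append("sender domain %s is external" % from_domain)

    # 3. Replies diverted to a domain other than the apparent sender's.
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append("Reply-To %s does not match the From domain" % reply_to)

    return findings

if __name__ == "__main__":
    for label, raw in (("webmail lure", LURE_WEBMAIL_RAW),
                       ("reply-to lure", LURE_REPLYTO_RAW),
                       ("genuine", GENUINE_RAW)):
        print(label + ":", sender_findings(raw) or "addressing is consistent")
```

The display-name check is the one a phone screen hides: most mobile mail clients show only the name, so the first lure looks identical to the genuine message until you tap through to the address.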

Fake emails asking you to update student loan info – 09/18/18

It’s that time of year again. Books have been purchased, classes have begun and the fake student loan emails have arrived. Be on the lookout for emails asking you to update your banking information, confirm billing information or view statements.

If you receive one of these emails, treat it as you would any other email coming from an organization you know: visit their website directly using a bookmark or browser search results. You can check your statements, update information and read notifications there. If you still have concerns, their website will have their contact information and you can phone or message them. Just make sure you don’t use the contact information in the email; you may be phoning or emailing a real live criminal.

Just because a link looks safe, doesn’t mean it is – 09/07/18

For many of you, not clicking on email links is an obvious choice. You wonderful folks are the ones who follow best practices and use a bookmark or browser search to access information given to you in an email. However, there are braver souls out there who prefer to live on the wild side. They hover over links and then decide whether or not it is safe to click.

The argument I hear is “I know the URL is correct, I have it memorized”. Here is the problem. Unicode is the standard that determines which character a computer displays. It covers a huge number of writing systems from various languages by giving every character of every language its own code, even when two characters look the same to the naked eye. So a Latin “a” is a different character from a Cyrillic “а”, even though they look identical. This lets attackers register a domain name that looks exactly like the official one, character for character, but is actually a different name pointing at their own server. Looking at the two side by side, there is no way to tell which one is legitimate.

The fun doesn’t stop there. Even if our attacker isn’t sophisticated enough to use the Unicode trick, several characters on a keyboard look extremely similar and can be confused for one another. For example, capital “I” and lowercase “l” are two different letters but look almost identical on the screen, and “rn” side by side reads as “m”.
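What the Unicode and look-alike tricks look like to a computer, as an added example that is not part of the original post. It takes a hostname as it would appear in a hover tooltip and reports which Unicode scripts its letters come from, the ASCII (“xn--”) form the browser actually resolves, and whether it collapses to the real name once confusable characters are folded. mtroyal.ca is the real domain from this page; the look-alike hostnames are constructed for the demo and are not known to be registered, and the confusable list is a hand-picked subset.

```python
import unicodedata

LEGIT = "mtroyal.ca"   # the real domain this newsletter comes from

# Constructed look-alike hostnames for the demo.  None of them is known to be
# registered; they only reproduce the tricks described above.
CANDIDATES = {
    "genuine":   "mtroyal.ca",
    "cyrillic":  "mtr\u043ey\u0430l.ca",   # Cyrillic о (U+043E) and а (U+0430) for Latin o and a
    "capital_i": "mtroyaI.ca",             # capital I standing in for lowercase l
    "rn_for_m":  "rntroyal.ca",            # "rn" side by side reads as "m"
}

# A few pairs that render almost identically in common fonts; a tiny subset
# of the Unicode confusables table.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("I", "l"), ("1", "l"), ("0", "o")]

def to_ascii(host):
    """The ASCII form the browser actually resolves.  A label containing any
    non-ASCII character becomes an xn-- (Punycode) label and no longer looks
    like the original, which is why this is the most reliable check."""
    return host.encode("idna").decode("ascii")

def scripts(host):
    """Unicode scripts ('LATIN', 'CYRILLIC', ...) used by the letters in host.
    A legitimate Latin-script domain should use exactly one."""
    return {unicodedata.name(ch).split()[0] for ch in host if ch.isalpha()}

def skeleton(host):
    """Fold visually confusable ASCII sequences so that look-alikes compare
    equal to the name they imitate."""
    s = unicodedata.normalize("NFKC", host)
    for lookalike, real in CONFUSABLES:
        s = s.replace(lookalike, real)
    return s.lower()

def assess(displayed, legit=LEGIT):
    """Reasons the displayed hostname is not the site it appears to be.
    An empty list means it really is `legit`."""
    if displayed == legit:
        return []
    reasons = []
    used = scripts(displayed)
    if len(used) > 1:
        reasons.append("mixed scripts: " + ", ".join(sorted(used)))
    ascii_form = to_ascii(displayed)
    if ascii_form != displayed:
        reasons.append("resolves as %s, not %s" % (ascii_form, legit))
    if skeleton(displayed) == skeleton(legit):
        reasons.append("visually confusable with %s" % legit)
    return reasons

if __name__ == "__main__":
    for label, host in CANDIDATES.items():
        print("%-10s %-14s %s" % (label, host, assess(host) or "looks genuine"))
```

Current browsers already show the xn-- form in the address bar for a label that mixes scripts, but the text of a link in an email is whatever the sender typed, and the ASCII tricks (capital I, rn) survive every display policy, which is why the bookmark advice stands.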

As clever as the hover trick is, if your attacker is using any of these techniques, hovering will not save you and you will end up handing over your credentials. To truly make sure you aren’t going somewhere you would rather not, stick with bookmarks and browser search results for sites you already use. Those will take you to the right website.

Must Read – Iranian Hackers are trying to steal university research – 08/31/18

Iranian hackers are sending out phishing emails that appear to come from within a targeted university. The emails contain a link and urge the recipient to sign in to an internal resource, the favourite being the library system. The link leads to a fake login page that records login credentials.

The hackers appear to be trying to steal research data. The campaign is worldwide, with over 16 universities targeted and over 300 fake websites created. Canadian universities are among the targets.

If you receive an email asking you to log in to one of our internal resources, do not click on any links in the email. Instead, access that resource using a bookmark or a link on www.mtroyal.ca. You can also contact the department in charge of that resource and ask whether they sent out an email. Pay special attention to emails asking you to log in to the library system.

If you are unsure of the legitimacy of any email, you can forward it to abuse@mtroyal.ca and IT Services will be happy to investigate for you.

When a stranger calls, it may not be who you think – 07/19/18

Have you checked on the computer?* Tech support scams are the bread and butter of many criminal organizations. The latest version is rather creative. It starts with you clicking on something you shouldn’t, which installs malware on your machine.

The malware waits for you to type “bank” in the browser. When it sees you going to your banking login page, it redirects you to a fake banking web page that records your credentials while you try to log in. It then slows your computer down, making you think there is something wrong with it. Then a pop-up conveniently appears telling you that you have a technical problem and asks for your name and phone number so “tech support” can call you.

Surprise: a real live bad guy calls and tries to manipulate you into giving them more information so they can immediately transfer money out of your account. It is a rather slick scam. You would admire them if they weren’t stealing money from you.

This is just another reminder that no legitimate tech support company will ever call you out of the blue or prompt you to call them. If you get a 1-800 number, are offered technical assistance without asking for it, or have someone call you to offer help, the stranger is there to help themselves, not you.

*I am hoping you get the reference. If not, this will help.

Source: https://blog.knowbe4.com/alert-there-is-a-new-hybrid-cyber-attack-on-banks-and-credit-unions-in-the-wild?utm_source=hs_email&utm_medium=email&utm_content=63936946&_hsenc=p2ANqtz–Lu3QkGYcRkjzH-KDpYeGQLy41mfHaS4MgK7rbDIoBHwAw0BrbU5HwxlZAioadMBoGis9xB0uePy8yw7mUMBwXdMNC9Q&_hsmi=63936946