Cybersecurity Blog

Criminals are creating look-a-like MRU webpages – 04/23/20

 

We have been notified that cybercriminals have registered and are using the domain www.mroyalu.ca as well as several other look-a-like domains. They are attempting to fool people into visiting their malicious websites.

While working from home, it is very important that you double check all links that you receive in emails and the sender’s email address.

If the link does not have mtroyal.ca, mru.ca, mrucougars.com or mymru.ca before the first single / in the URL, it is malicious.

Examples of legitimate URLs are:
mru.ca/cybersecurity
mru.ca/wellness
https://www.mtroyal.ca/AboutMountRoyal/WhyMRU/
https://www.mymru.ca/web/home-community

Examples of fraudulent URLs are:
https://www.mroyalu.ca/AboutMountRoyal/WhyMRU/
https://www.mymur.ca/web/home-community
https://www.my.mtroyal.ca/Home
Please do not let curiosity get the better of you, and attempt to visit any of these fraudulent websites. They will harm your machine and/or steal your data.

If the sender’s email address ends in anything other than @mtroyal.ca, then it is malicious.

Examples of legitimate email addresses are:
bpasteris@mtroyal.ca
cybersecurity@mtroyal.ca

Examples of fraudulent email addresses are:
bpasteris.mtroyal.ca@gmail.com
bpasteris@mroyalu.ca
bpasteris@mtroyal.email.ca

Please be extra cautious at this time.

Updated 04/27/20

 

Credit Registration stops a cybercriminal – 04/15/20

Every once in a while I get affirmation that all that I do to try and keep all of you safe is working. This was one of those weeks. I would like to take a moment to toot the horn of Credit Registration.

They receive hundreds of emails from students and prospective students every week. The majority of the time they have no idea who they are talking to.  To reduce the chances they will be cyberattack victims, they have put procedures into place that somewhat verify the sender’s identity. It isn’t fool proof, but it is a good balance between practicality and security. What is truly wonderful is their staff follow their procedures.

This week those procedures were tested and they passed.  Congratulations Credit Registration!

No, that isn’t your supervisor asking for your cell phone number – 04/09/20

 

This week has been a busy one for the security team. We have been slammed with a new phishing tactic, requests for cell phone numbers.  Campus inboxes are receiving emails that appear to be coming from a supervisor. They look like this.

 

 

While this one contains a misspelled word, others look perfectly legit. The only clue is the  weird sender email address.

Why do they want your cell phone number? Lots of reasons. First of all they can take your phone number and connect it to your email address which helps build out your data profile so advertisers can more easily target you with ads. Advertisers pay a premium for complete data profiles.

But the benefits don’t stop there. If they have your phone number, know where you work, have an email address and your name, they have enough information to impersonate you with your cell phone provider.  If the customer service agent that answers the call doesn’t follow proper procedures, the scammer can port your number to a different carrier or disable your SIM card and get a new one. Either way you lose control of your phone number and the criminal now has access to everything that uses your phone number for confirmation.  One MRU employee has already found out how damaging this type of attack can be.

Lastly they can send you lovely text messages containing links that appear to come from your bank, include offers for free stuff or opportunities to enter a contest. Clicking on these links load malware onto your device designed to steal passwords, contacts and data.

Your best defense against this type of attack, is to read the sender’s email address before you read the body of the message. If you see that the email is not from a Mount Royal account, you can delete the message before your emotions are triggered by the email content.

If you aren’t sure if an email is legit, you can check the Phish Bowl to see if it is listed there or you can forward the email to abuse@mtroyal.ca. If you find a phishing email, don’t forget to report it by clicking the PhishAlarm button or forwarding it to cybersecurity@mtroyal.ca so we can warn your colleagues.

Updated 05/29/20

Coronavirus based attacks are rampant – 03/19/20

 

As employees all over the world are working from home,  criminals are ramping things up hoping to take advantage of the less secure networks that people tend to have at home. We have surges in phishing emails on campus and across the world related to working from home as well as an increase in malicious websites.  It has gotten so bad the US Secret Service has issued a warning. Here are some things to watch out for.

The fake VPN

As employees struggle to setup a home office, they are signing up and downloading VPN services at record rates. While all of our employees have the advantage of using SRAS, many smaller organizations do not have their own VPN tool and are asking employees to install one on their home computer. If your spouse or roommate are in this situation, warn them to be very careful about what VPN they download. Cyberattackers are offering fake VPN services that download malware onto your machine in record numbers. Make sure they check reviews of the service to ensure it is reputable before they install it on their machine.

Fake COVID-19 trackers

As people attempt to live their lives and stay safe, many are turning to maps that track the location and incidence of infections. Criminals are getting wise and creating their own versions of these tracking websites that infect your computer with malware.

Some enterprising scammers have also created phone apps that supposedly track the infection rate  but load your device with ransomware instead. Stick to well known and reputable websites such as Alberta Health Services and the World Health Organization to get your information about the virus and stay away from any apps related to it including ones that tell you how to get rid of it.

Phishing emails about working from home and COVID-19

Phishing email attacks are off the scale. Everything from fake emails from your organization about working from home, to offers of vaccines and cures.  One of their favorites is fake GoFundMe pages with coronavirus victims pleading for medical help.   Another is pretending to be a colleague who is quarantined and needs help.

You name it, the depraved are going to try it. During this time it is especially important to be vigilant. If you receive an email that doesn’t come from a Mount Royal email address, question its validity. While you are working at home, make sure you use your Mount Royal email address to send business correspondence. DO NOT use your personal email address. This will make it easier for your colleagues to stay safe.

 

Sources:

https://www.securityweek.com/researchers-track-coronavirus-themed-cyberattacks
https://www.securityweek.com/other-virus-threat-surge-covid-themed-cyberattacks

If you don’t report, we don’t know – 03/17/20

 

 

With the world on melt down, cyberattackers took advantage of the mayhem to send out a slew of spear phishing emails to several departments. Most of them had a member who reported the suspicious email right away. As a result, we were able to notify their colleagues before most of them had even opened it.

Unfortunately, one department was left vulnerable. None of their members reported the malicious email sent to them. We eventually found it, but we it was much later and there was a delay in the notification going out.  This delay increased the chances that someone would become a cyberattack victim.

We know that all of you have much on your mind trying to figure out how to teach and work from home. However during this challenging time, please don’t forget to take those extra two seconds to let us know when something suspicious lands in your inbox. The sooner we know, the sooner we can let everyone else know and reduce the risks to everyone’s data, including yours.

 

What is a phish bowl and why you should care – 02/27/20

 

 

The MRU community is made up of a diverse group of people. Some of you just like to forward suspicious emails to abuse@mtroyal.ca without really doing much investigation on your own. Others like to make a game out of looking for phishing red flags.  While still others follow email processing guidelines, just like I have asked.  Thanks to all of you, my job is never dull.

That said, we thought it would be a good idea to give all of you one more tool to help with the challenging job of identifying phishing emails.  IT Services is proud to announce the launch of the MRU Phish Bowl. The Phish Bowl contains a collection of  all the phishing emails that we have received over the past few years.  When you receive an email in your inbox and you aren’t quite sure if it is malicious, you can now search the Phish Bowl for it. If the exact email or a very similar one is posted then you know it is malicious and you can simply delete it.

Each post in the Phish Bowl shows you what the email looks like, points out the red flags and lets you know how to deal with similar emails in the future. Not only is it informative but it is also educational.

If an email doesn’t appear in the Phish Bowl, it doesn’t mean that the email is legitimate. You will still have to use the other strategies that you have been implementing to determine if it is malicious. The Phish Bowl is only an additional tool, not a replacement for your current vigilance.

The Phish Bowl is also helpful for those of you who are not sure if they should forward an email to abuse@mtroyal.ca or not.  If you do a search and find the email already listed, you know there is no need to report it. If it isn’t, then you know you may have a new nasty that needs to be reported.

We will be updating the Phish Bowl as new reports come in.  You can access it here, or from the MRU Cybersecurity Hub at mru.ca/cybersecurity. Look for the Phish Bowl link in the section titled Stay Informed.

 

Our president isn’t announcing a new Responsible Use of Technology policy – 02/16/20

 

The attackers are at it again, this time they have tried to hide behind threats of disciplinary action.  Check out the latest phishing email to hit the campus:

This nasty thing mostly landed in spam folders. However, there are some of you that would have found this in your inbox. The premise is plausible and the pdf attachment looks harmless. If you were to open this email on your phone, the odds are very good that you would assume the email is legitimate. However if you open the attachment a nasty surprise awaits. This is a gentle reminder to double check the sender’s email address before you make a decision to act on an email.

 

Fake UPS email showing up in campus inboxes – 02/13/20

 

Another day, another fake UPS email. Take a look at this sad excuse of a phishing email.

I really do expect more from an attacker.  At least paste an out of focus logo into the email. If you want to steal my money, you should put in a bit more effort than this.

 

Email from The Spamhaus Project is fake – 01/31/20

 

The latest phishing email to arrive in MRU inboxes is this beauty that looks like it comes from The Spamhaus Project, an international organization that creates block lists of spammy and phishy email senders.

 

 

This email is a bit clever as they use a link to the real Spamhaus Project website to try and convince you the email is legitimate while threatening to block your email address. Unfortunately the painfully bad grammar, zip file attachment and wrong email address clearly mark it as a phishing attempt.

You have to give them credit for trying though, if you are in a hurry and don’t take the time to read the email carefully, the odds are pretty good you will panic and click. Don’t get caught, slow down and stop and think before you click.

 

 

How cybersecurity experts become victims – 11/26/19

 

 

Every month I send out a nice little phishing training email to give our wonderful users across campus some practice identifying them. Those people that click and are repeat clickers, work in IT or are a Cybersecurity Champion all tell me the same thing. They were trying to determine whether to click or not while they were in a hurry or while they were on their phones.

The dangers of doing this were highlighted in the Our Community article, I knew I’d been scammed which details how one of Mount Royal’s community members became a victim of a gift card scam. Now KnowBe4 has written its own article describing how one of their cybersecurity professionals clicked in three phishing training emails in two months.  In both cases the individuals were well educated in how to identify a phishing email but were in a hurry and using their phones. The message that keeps getting repeated is to SLOW down.

Before you decide what to do with an email, STOP. If you are on your phone, deal with it later at your workstation. If you are in the midst of doing 7 things, deal with it when you have time to evaluate it properly.

Taking theses simple steps will help keep you from becoming a victim.