Cybersecurity Blog

Reply to emails cautiously – 05/22/19

 

 

Since September, the Mount Royal community has been targeted by a gift card scam.  With this scam, criminals send you an email that looks like it comes from your supervisor asking you if you are available. If you respond, they ask you to purchase gift cards and send them photos of the redemption codes. This past weekend another 300 or so Mount Royal inboxes received one of these scam emails.

Fortunately, we had more people reporting them than we had people responding to them. Some of those that did respond sent out personal information such as where they were located, photos and their plans for the weekend. To our knowledge, no one went as far as purchasing gift cards. We are thankful for that.

Realizing that you gave scammers personal information about yourself just feels creepy. It is also dangerous.  The criminals can then take that information and use it as content in malicious emails that are sent to yourself or others. This makes the emails seem legitimate  increasing the likely hood that someone will be tricked.

In addition to being dangerous, conversing with the scammers encourages them to continue targeting Mount Royal. If they get a response to an email, they know it is only a matter of time before they convince someone to follow through and purchase those gift cards. Ignoring their inquiries will not stop the attempts, but it will reduce their frequency.

The best way to defend yourself from giving out personal information to criminals is to check the sender’s email address before you read the body of the email.  That way you have a better idea of who you are talking to before you respond. They may still be a hacker, but the odds are much smaller. Just by taking this small simple step you greatly reduce your chances of sharing information that you wish you hadn’t.

 

 

Is it spam or is it phishing? 05/23/19

 

 

I am truly delighted with the number of malicious emails that are being forwarded to abuse@mtroyal.ca.  The Mount Royal community is doing a great job of letting us know what to look for and helping us defend their data. There is one question that people keep asking though, what is the difference between Spam and a phishing email? I thought I would take a moment to clarify.

Spam email
  • Goal is to sell you something.
  • It is sent to hundreds or thousands of people at a time.
  • Reading the email does not generate an emotional response.
  • It may or may not contain links
  • Clicking on the links will take you to the organizations website.
Phishing email
  • Goal is to steal your data or use your workstation as a tool to access data on other people’s devices.
  • It can be sent to thousands of people or just one or two.
  • Reading the email generates an emotional response.
  • It may or may not contain links and or attachments.
  • Clicking on the link or opening an attachment takes you to a fake web page and/or loads malware onto your device.

The easiest way to determine if what you are dealing with is spam or phishing is by examining the purpose of the email. If it looks like they are trying to sell you something, then it is probably spam. If it looks like they are trying to confuse or trick you, then it is likely phishing.

Spam emails should be marked as spam by clicking the stop sign icon in the Gmail menu bar. Phishing emails should be forwarded to abuse@mtroyal.ca. If you aren’t sure which one it is, forward it to abuse@mtroyal.ca and we can let you know.

 

Job scam landing in MRU inboxes – 05/13/19

 

 

The latest scam to make the rounds is an email that appears to offer the recipient an opportunity to apply for an admin position.  It looks like this:

The email comes from the Vice President of an organization called the Robert Sterling Clark Foundation.  It is a real organization and the sender’s email address appears to be legitimate. Most likely, the sender has had her email account hacked and the scammers are using it to send out these fraudulent emails.  The poor grammar and hotmail email address are clues that something isn’t quite right.

Without responding to the email, it is impossible to know exactly what the scam is. However there are some standards tactics used. In the first one, once you send them your resume  they offer you an interview but charge you a fee of several hundred dollars to participate. No company will ever charge you to be interviewed.

In the second tactic, you are either given an interview through text or email or just offered  the  job outright based on your resume.  Once you accept the position, they send you a cheque. You are then asked to deposit the cheque into your account and then immediately transfer the same amount of money from your account to another.  Of course in a few days their cheque bounces and your bank account is minus those funds.

No legitimate employer will offer you a job without a proper face to face interview. Nor is there a legitimate reason for an employer to send you a cheque and ask you to deposit it in your account only to have you immediately transfer it to another.

To protect yourself from job scams:

  1. Do not pay for an interview or for interview expenses.
  2. Do not accept a position that does not require a face to face interview.
  3. If you are asked to make purchases or transfer funds on your employers behalf, make sure any fund transfers or cheque deposits clear before you do so.
  4. Research perspective employers. Make sure you can reach your contact person through the company’s main contact number or email listed on their website. Check for reports of fraud involving the company.

Remember, if it seems too good to be true, it probably is. Just ask this woman from New Brunswick.

 

 

If it seems to good to be true, it is. 03/20/19

Everyone likes a good deal.  So when one of our analysts found a 2014 Jeep Wrangler Rubicon with less than 50000 km on Autotrader for $11500, his heart skipped a beat. This vehicle was loaded with aftermarket goodies and usually goes for four times the price.  Check her out, she is a beauty!!

 

 

He hoped with all his heart, that this was the real deal. However with the price being so low, his scam detector was running at full power. He contacted the seller and discovered that the vehicle belonged to her father who has just passed away. She knew nothing about jeeps and just wanted to get rid of it. Hmmm, that sounded plausible. He investigated further.

The seller informed him that if he wanted to purchase the jeep he would have to do it through WTC, otherwise known as Wiozacars Trading Corporation. Our analyst did some research and found that it was an escrow company with tons of good reviews from various sources going back several years. Oddly enough, there wasn’t one link in the three pages of search results to the company’s website. Maybe it didn’t have one. This might be legit after all.

Our analyst informed the seller that he was interested but didn’t know anything about WTC and asked for more information. The seller sent him detailed instructions on how to complete the transaction along with a link to the WTC website. That is when things started to fall apart. If the company had a website, why didn’t a Google search find it? He clicked the link the seller provided and found a very beautiful and professional looking fully functional website.

He decided to call their bluff and asked if his wife could look at the vehicle. Never mind that he was in Calgary and the vehicle was in Quebec. By now he was certain it was a scam, however he wanted to see what the sellers would do. Sure enough, after his request all communication stopped and the ad was removed from Autotrader. Scam confirmed.

No matter how badly you want to believe that once in a lifetime deal is the real thing, take the time to do your research. If their website doesn’t come up in a Google search or they are asking to use an unknown third party to do the transaction, walk away.

 

Brazen phishing email asks for passport information – 12/17/18

 

 

This week a new phishing email is popping up in Mount Royal inboxes. The cheeky criminals are coming right out and asking for passport details as well as other personal information. They don’t even bother with links or fancy look a like web pages.  They just ask for your information so they can send you money.  The email looks like this:

 

 

Because this is a low tech scam, people tend to let their guard down and be more receptive to getting hooked. The scammers count on this and hope the victim gets excited enough about the possibility of getting free money to give up their personal information.  Once they have it, they can use to to steal their identity and wreak havoc on their life.

This is definitely a case of, if it seems too good to be true then it probably is. No bank will email you out of the blue to ask you for passport information. If you refuse to accept reality and want to cling onto hope, then contact the bank directly to ask them if they are trying to transfer you some money.  Don’t ever send personal information like passport, driver’s license or credit card information in an email.

 

Cyber criminals try bomb threats, fail and turn to threats of acid attacks – 12/14/18

 

 

Last week inboxes across North America received phishing emails that threatened to blow up their place of business if they did not immediately pay $20 000 in bitcoin. The good news is there was no bomb.  The bad news is not everyone understood that.

Police departments across the continent were flooded with calls from panicked citizens reporting the bomb threats.  The bomb threats were so disruptive that police forces in the US and Canada issued reports and held press conferences assuring citizens that the threats were part of a phishing scam.

Unfortunately for the criminals, no one is paying the extortion fee. So while they get an A for getting everyone’s attention, they get an F for not making any money.

Having bombed with their bomb scare (sorry, I couldn’t resist), this week the criminals are threatening an acid attack if they aren’t paid. Apparently they are trying to repeat the success of their sextortion scam which netted them $146 380 in three days. So if you receive an email in broken English threatening to throw acid in your face if you don’t pay up, delete it.

Must Read – They’re back and this time they’re impersonating David Docherty – 12/12/18

 

 

 

The MRU impersonators are at it again.  Apparently they didn’t get bites just pretending to be a supervisor so they have upped their game.  Their third attempt uses an email that appears to come from Dr. Docherty himself.

 

As with the other attempts, if you respond to this email you are asked to purchase gift cards. This is just another reminder to check the sender’s email address when you find yourself responding emotionally to an email.

 

Must Read – MRU impersonators are back – 11/16/18

 

They’re baaack!

 

A few weeks back I warned the Mount Royal Community that emails were making the rounds that appeared to be from Mount Royal Employees.  Typically the impersonated employees  were supervisors of some sort and the emails were sent to their reports. The criminals were taking advantage or our natural tendency pay attention and take action when we are contacted by our supervisor.

Unfortunately the scam is back.  Thankfully abuse@mtroyal.ca has been flooded with reports and no one has yet taken the bait. However just to be on the safe side, I thought I would give everyone a friendly reminder to check the sender’s email address before responding to an email.

 

Scammers sending emails that look like they came from your account – 10/24/18

 

 

There is a new twist on the you have been naughty scam.  Criminals are sending emails that once again claim that they have evidence that you have been visiting porn sites and if you don’t pay them, they will make that information public.

The newest form of the scam claims that they have installed a RAT (remote access Trojan) on your computer that allows them to send the evidence from your device. To drive home the point, the email looks like it has come from your email account.

The good news is, it is all a big bluff.  They don’t have access to your email, they are only spoofing the email address. Your account is secure.  Your reputation is intact and you can peacefully delete the email.

 

Scammers using voicemail to steal WhatsApp accounts – 10/17/18

 

 

Armed with nothing more than your phone number, criminals can steal your WhatsApp account.  How? By registering your phone number on their phone. Here is how it works.

First the attacker makes a request to have your phone number registered to the WhatsApp application on their phone. When WhatsApp receives the request, they text a verification code to your phone.  The scammers make their request in the middle of the night or when you are on a flight so you don’t see the verification code. With the text not answered, WhatsApp offers to read out the code and leave it in a voicemail.

If your cell phone carrier has a default password set up for voicemail and you have not changed it, the criminal simply enters the default password and boom…they can hear the verification code. Once they enter that code, the account gets transferred over to their phone. The attacker then sets up two step verification on the account and you have no way of getting it back.

The moral of the story, set strong and unique password for your voicemail.  While you are at it, do that with all your accounts.