Cybersecurity Blog

Mount Royal Community Member gets fake CRA call – 03/09/18

 

One sure sign that spring is on its way…tax scammers pop up along with the tulips.  Although we are a ways away from enjoying the tulips, the scammers are out in full force. One Mount Royal employee came into work to find this on his voicemail.

Pretty nasty, huh? So how do you know this is a scam? Simple: the CRA will never phone you and threaten legal action or arrest. They will never send someone to your house to collect payment or to arrest you either. This was a voicemail, so it was easy to calmly listen to the message and analyze it to determine if it was legitimate.

What do you do if they have you on the phone and they are threatening you? The scammers can be very insistent and believable, causing considerable stress and confusion. If you experience a call like that from the CRA, tell them you will call them back and hang up. You can then contact the CRA at 1-800-959-8281. If there are any issues with your taxes, whoever answers the phone will be able to address them.

Watch out for phishing emails from the CRA as well. As I mentioned in a post last year, the CRA will never email you unless you have given them previous permission to do so and they will never send you an email with links unless you have specifically requested a document.

For more information on how to identify CRA fraud and protect yourself, visit the CRA website.

Payroll related phishing email making the rounds – 02/02/2018

Another day, another phishing attack making the rounds. The latest asks you to confirm your identity by clicking on a link and logging in. These emails often refer to  issues with your paycheck or benefits that need to be resolved. Replying to one of these emails and asking for more information results in a very quick and convincing response assuring you everything is on the up and up.

If you ever receive an email asking you to use a link to log in to confirm your identity, close the email and log in to the site directly using a bookmark or Google search result. If the request is legitimate, you will be able to find it on the official web site. If you cannot find the information and are still not sure of the email’s legitimacy, contact them by phone or email using contact information taken from their official site. If you do determine that the email is a phish, forward it to abuse@mtroyal.ca and then report it as phishing to Google.

As always, if you are in doubt contact the IT Service Desk.

 

Mount Royal Employees Receiving Recorded Messages From “Google” – 12/11/17

 

Several employees on campus have been receiving calls asking them to verify their business on Google. The caller is a recorded voice or robo call. If you choose to press 1, you are connected to a person who tries to sell you a service. They are not from Google, but are using Google’s name to sound legitimate. Their service is a scam, as verification of a business on Google is done through snail mail, and there is no charge for it.

If you receive a robo call, make note of the organization calling and hang up.  You can then contact the organization directly and determine if they have a legitimate need to contact you.  Robo calls are usually trying to sell you something or are scams.

Scammers don’t just use robo calls to con you out of your hard-earned money. They will call you directly as well, creating a sense of urgency to trick you into signing up for an overpriced service that you don’t need. If a person calls you and asks for payment for a service over the phone, ask for the name of the organization and tell them you will call them back. Google them and check reviews of their service. If you decide that you do want to sign up, contact the organization directly using the contact information found in the Google search. Do not be tricked into using a phone number that the caller gives you. If they are legitimate, you will be able to contact them using a publicly available number.

Threatening voicemail left at Mount Royal – 11/21/17

 

Yesterday one of our staff members checked her voicemail and found a nasty message from an “Officer” Robert William asking her or her attorney to call him immediately before “the legal situation unfolds”. Our quick-thinking staff member Googled the number, 905-581-1528, and discovered that it was a phone scam.

Had she called them, she would have been asked for her personal information, including her SIN. Armed with that info, the crooks would have applied for credit cards and loans in her name, leaving her on the hook for the payments. Only after months of paperwork and expensive legal fees would she have been able to clear her credit record and name.

This is just a reminder to never give out information people already should have, over the phone, in an email or text.  If someone calls you and tells you they are from your bank, a vendor, the CRA, RCMP or Calgary Police Service:

  1. Ask for their name.
  2. Tell them you will call them back.
  3. Call the organization’s switchboard directly using a number that you obtain from a Google search or that you have used before.
  4. Ask for the individual by name.

If they insist that the only way to reach them is through a number that they give you, you know that it is not a legitimate call. If they tell you that they may not be available when you call back, you should be able to have your account or file reviewed by someone else in the same department.

Remember, no legitimate agency threatens legal action over the phone.

Scam of the week – Netflix Suspension notification 11/07/17

A massive phishing campaign is underway. Emails with the subject line “Your suspension notification” are making the rounds. The email includes Netflix’s logo as well as mention of  “The Crown” and “House of Cards”  giving it a real sense of legitimacy.  Clicking the link takes you to a fake Netflix page asking for your login and credit card information.  Of course doing so gives your information to the bad guys.

With criminals getting so good at creating fake emails that look like they are legitimate, how do you know if it is a scam or if you really do have a problem with your account? Quite honestly, you don’t. That is why it is best to ignore the email entirely and go to their website directly using either a bookmark or Google search.  From their webpage, you will be able to access your account information and safely update it if it is required.

Las Vegas Victims Charity Scam – 10/12/17

 

Just like clockwork, the scammers have surfaced to take advantage of the tragic shooting in Las Vegas. They have created fake GoFundMe pages, fake Facebook pages and fake charity sites, all designed to tug on your heart strings and take your money. They are enticing you to visit these fake sites by sending texts and emails encouraging you to donate and help out the unfortunate victims.

At the very best clicking one of these links or visiting one of these websites will result in the donation going to the scammer. At the worst, your financial information can be compromised or malware can be loaded onto your computer.

If you wish to donate, be careful of the sites you visit. Use a Google search or bookmark to find your favorite charity. Ignore Facebook posts, texts and emails asking you to donate as they could be set up by scammers.

Want to donate, but you aren’t sure who is legitimate? Visit www.charitynavigator.org. This free website will let you know if a charity is legitimate or a scam.  By being aware, you can make sure your money goes to the victims and not the criminals.

Alert – Mount Royal Target of Spear Phishing – 05/05/17

Mount Royal employees are being targeted in a new high impact email phishing campaign. What makes it so alarming?

  • The email sender is David Docherty and it appears to be coming from his Mount Royal email address.
  • It disguises its malicious intent by using a friendly tone and it doesn’t contain a link or attachment that usually accompanies a phishing email.

However, it should raise a red flag because normal payments are not requested this way. Take a look:

 

The personal information is blocked out to protect the user’s privacy.

 

How do you protect yourself against this type of attack?

  • Always pay attention when processing your emails.  Do not multitask.
  • Be familiar with your department’s procedures and processes. Anytime you receive an email that goes against those procedures or processes, you should contact the sender directly to confirm its legitimacy.

Remember, just because an email looks like it comes from someone you know doesn’t mean it does. Just because an email doesn’t contain links or attachments doesn’t mean it isn’t malicious.

Huge kudos to our people in Finance who identified this. You are our superheroes!!

Alert – Fake Invitations to View a Google Doc – 05/03/17

 

There are two new phishing emails that are making the rounds with fake invitations to view  Google Docs.  They are both very clever and they are both sent from someone that is in your contact list. The first one is a bit easier to spot as it looks something like this:

The personal information has been blocked out to protect the user’s privacy.

 

For those of you who have received an Invitation to View a Google Doc before, it is easy to pick up what is amiss with this email.  However for those of you who haven’t, this is what a legitimate Invitation to View a Google Doc looks like.  When you click the Open in Docs button, the document is opened for you.

 

The second phishing email is more sophisticated in that it looks a lot like a legitimate Invitation to View a Google Doc. The only thing missing from the email is the name of the document. However, when you click on the Open in Docs button, a dialog box appears asking you for permission to access your email instead of the document opening. This is the tip-off that something is awry. Google Docs does not need access to your email to function.

If you see a dialog box instead of a document when you click the Open in Docs button, DO NOT CLICK on anything. Disconnect your computer from the Internet and call the IT Service Desk.  If you want to learn more about this phishing campaign, check out the CBC article.

As these latest phishing campaigns show, criminals are getting more and more sophisticated in the development of their phishing emails.  It is getting harder and harder to determine what is a legitimate email and what is a scam. To avoid becoming a victim of cyber crime, verify the legitimacy of all unexpected emails containing links or attachments regardless of who they come from.

Latest scam: The fake WhatsApp voice message – 04/18/17

 

Coming soon to an inbox near you, an email from WhatsApp notifying you that a voice message is awaiting your response. The email includes a handy Play button so you can listen to the message without having to open WhatsApp. So thoughtful of them. Of course, clicking the Play button loads your computer with malware, allowing the criminals to steal your identity or encrypt your files and hold them for ransom.

This is yet another reminder not to click on links, buttons, attachments or photos in unexpected emails. Criminals are getting more and more creative and sophisticated, crafting emails that are getting harder and harder to detect as fake. However, you can avoid becoming a cyber crime victim by simply adopting the practices of:

  • Being fully present when reading your emails.

Criminals count on you being distracted when you read your email. The majority of attacks occur on the day before a long weekend when users are not paying attention to what is in their inbox. They click not because they don’t know better, but because they aren’t paying attention.

  • Visiting known sites or apps directly.

If you receive any kind of notification from any organization or application, visit the site or open  the application directly. If it is legitimate the same information that is in the email will be found on the website or in the application.  Do not trust the email.

  • Calling  people from your contact list to confirm that they sent an email.

If you recognize the sender, do not assume the email came from them. Cyber criminals can hack your contact list and make it look like a trusted friend sent you a nice cat video. Call the sender directly and confirm that they sent the email.

 

 

Airline email scam catching 90% of users – 04/07/2017

 

A group of cyber criminals are having a lot of success with the latest spear phishing campaign. They are mining social media  for information on where and when you may be traveling. Using this information they send out fake airline reservation confirmations or receipts that look just like the real thing using an email address that looks legit.

Many of these emails contain links to sites that look like the real thing, asking you to enter your username and password and encouraging you to open an attachment or click on a link that loads malware. The loaded malware allows the criminals to hack into the network.

These criminals are clever enough to vary the format of the email and the delivery method for the malware, making it more difficult to detect.

If you receive a confirmation for a flight or a receipt, do not click on any links or open any attachments.  Instead, go to the website of the airline directly using a URL that you know is legit and check your account or reservation on the site itself.

If you do click on one of these links or open one of these attachments, please disconnect from the network and call the Service Desk at 403-440-6000 immediately.