A college that we communicate with regularly has had one of their email accounts compromised. As a result, several people around campus have received emails with requests to Download Attachments from Sharefile. The emails look like this:
The name of the college and the email sender have been blurred out to protect their privacy.
What makes these emails so devious is that they come from someone that Mount Royal staff have been conversing with recently. This makes it much more challenging to identify them as malicious.
This is a gentle reminder to everyone: when you receive an unexpected email with a link or attachment, contact the email sender using a contact number that you have used in the past or have found through Google. Even if you have been speaking with them recently, if you aren’t expecting the email, call to confirm its legitimacy. Just because an email looks like it comes from someone you know doesn’t mean it does.
That is what our brave Mount Royal employee did and as a result prevented a potentially serious cyber security incident. Had they simply clicked on the Download Attachments button and followed the instructions, they would have given the hacker their Docusign credentials. Who knows what that would have led to.
If you have been using MyFitnessPal from Under Armour, change your password immediately. On March 25 Under Armour learned that usernames, email addresses and hashed passwords were taken from about 150 million user accounts.
The good news is the passwords were hashed or scrambled and will need to be decoded before they can be used. The bad news is the thieves may use phishing emails to acquire your password directly instead of doing the hard work of decoding it. Change your password directly in the app or through their website instead of using a link in an email.
If you use your MyFitnessPal password for other apps or websites, make sure you change those passwords as well.
Did you book travel online between January 1, 2016 and December 22, 2017? If so, your payment card information, date of birth, phone number, email address, full name, gender and mailing address may be in the hands of hackers. Orbitz online travel has reported that hackers infiltrated an older version of their booking platform, exposing the data of over 800 000 customers.
As Orbitz is used by other companies such as AMEX to book travel, the breach reaches beyond Orbitz’s direct customers. So how do you know if you have been affected? Orbitz and its business partners will be reaching out to notify you. However, in the meantime keep an eye on your bank statements, credit card balances and credit report. The good news is Orbitz’s current systems have not been affected. For more details, visit their website.
With the news of the Equifax breach, consumers are left reeling, not sure what action to take to prevent identity theft. There are tons of articles talking about credit freezes, alerts and monitoring. Most of this information refers to laws and services particular to US citizens. Some are not even available in Canada. As a Canadian, what do you do?
1. Contact Equifax
- Visit the Equifax site for details.
- All impacted customers will be contacted directly. If you have not been contacted, call them at 1-866-699-5712.
2. Set up a credit file alert.
- With a credit file alert, a request for a new credit product or a change in a credit product cannot be approved without confirmation with the consumer who owns the credit. This prevents fraudsters from signing up for new credit cards or loans as well as preventing them from increasing credit limits.
- A credit file alert should be set up with both Equifax Canada and TransUnion Canada. Each provider has different types of alerts and they don’t share information. Contact the companies for details.
- Equifax will be providing free credit monitoring and identity theft protection for 12 months to everyone who is impacted. Equifax will contact you directly with the details.
3. Check your credit report monthly.
- You can get a credit report from Equifax Canada and TransUnion Canada for free.
- Look for signs of fraud.
4. Sign up for credit monitoring.
- Be notified of new debts.
If your identity is stolen or accounts are accessed:
- Contact your local police department and get a police case number.
- Contact all your financial institutions and give them the police case number to hold in your file.
- Call Equifax Canada and TransUnion Canada and have them place the police case number on your credit reports.
- Report the incident to the Canadian Anti-Fraud Centre.
As the majority of account providers use email for usernames, a compromised email can give hackers access to all of your accounts. This is especially true if you tend to use the same password for multiple accounts. Ideally, you should have a unique password for every account so if one account is compromised the rest are safe. You should also be using a password manager to make storage and generation of passwords easy and secure. However, being the realist that I am, I know many of you are still using the same password across multiple accounts.
Have I Been Pwned to the rescue!! After Adobe was hacked in 2013 the website Have I Been Pwned was created. The website allows users to enter their email and find out if the associated credentials appear in for-sale lists on the Dark Web. This handy little website also lets you sign up for notifications, informing you the minute they discover that your email credentials have been compromised.
Interestingly enough, many hackers don’t actually use the credentials they steal. Instead they sell them to other hackers who use them at their leisure. This practice gives users a chance to change their credentials before any damage is done. Have I Been Pwned was created with this in mind.
You may be thinking…why sign up for this service, won’t I be notified by the account provider when they have a data breach? Unfortunately, account providers haven’t always been the first ones to detect a data breach and they are sometimes reluctant to inform their users that a breach has occurred. For example, the Adobe breach was discovered by security journalists and not announced for two weeks, while Yahoo delayed informing users of their breach for two years.
We strongly recommend that you check out www.haveibeenpwned.com and sign up for notifications. The sooner you are aware that your account has been compromised, the sooner you can take corrective action.
Another day, another list of Mount Royal emails that may have been compromised. How? The emails were used as usernames to log in to external websites/accounts. These external websites then had their users’ login credentials stolen. This is not a concern if each website has a unique password. However, if you reuse the same username and password combinations for multiple websites, once one is compromised they are all compromised.
As it is not a question of if but when one of your websites has their users’ credentials stolen, how do you minimize the damage?
- Avoid using your Mount Royal email to log in to external websites whenever possible. Some sites require your work email to access their services. However, the majority of sites allow you to enter any email address.
- Create a separate Gmail account for logging in to work-related websites. New accounts can be created/added from the Google login page. Once a new account has been added, you can view its inbox on a separate tab, giving you access to both your accounts at once.
- Use personal emails for personal sites. This will save you from embarrassment. When a site has a Mount Royal email in its list of usernames and it gets hacked, we are notified. We really don’t want to know that you have a Neopets account.
- Use a unique password for every website. Having difficulty coming up with and storing so many passwords? Use a password manager to store and generate passwords.
- Change your passwords regularly. A significant amount of time often passes before theft of login credentials is detected, giving criminals lots of time to use them before they are changed. Changing your password makes stolen credentials useless.
You begin your day like any other, logging into your computer and then logging into your Gmail to check the day’s messages. But this morning is different. For some reason your password isn’t working. You are certain that you are entering the correct password. You have checked to see if Caps Lock is on and still you can’t get in. What do you do?
Your first step is to call the Service Desk. There is a very big possibility that your Gmail account has been compromised, especially if you use your Gmail username and password combination to log in to other accounts.
Once the Service Desk has reset your password and you can get into your account, you need to check your settings. As mentioned in a previous post, once cyber criminals break into your account they like to change its settings so they can regain control of it once you get wise. By checking your account settings, you can make sure your signature hasn’t been changed, that your name appears in the Sent field, that your mail isn’t being forwarded to the criminal and they haven’t given themselves additional access to your account.
Want to decrease the chance that your account will be compromised in the future? Enable two-step verification on your account and don’t use your Gmail password for other accounts.
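The settings check described above can also be run as a script over an exported copy of the account's settings. This is an added example, not part of the original post: the snapshot layout, addresses and known-good values are constructed, with field names modelled on the Gmail API settings resources (sendAs, delegates, filters, auto-forwarding), and fetching the snapshot is not shown.

```python
# Added example: review mailbox settings after a compromised account is recovered.
# Covers the post's four checks: display name, signature, forwarding, extra access.

def audit_mail_settings(snapshot, expected_name, expected_signature):
    """Return (check, detail) findings for settings an intruder may have changed."""
    findings = []

    # Account-wide forwarding sends a copy of every incoming message elsewhere.
    fwd = snapshot.get("autoForwarding", {})
    if fwd.get("enabled"):
        findings.append(("forwarding", f"all mail forwarded to {fwd.get('emailAddress')}"))

    # A filter can forward selected mail even when account-wide forwarding is off.
    for flt in snapshot.get("filters", []):
        target = flt.get("action", {}).get("forward")
        if target:
            findings.append(("filter", f"filter {flt.get('id')} forwards to {target}"))

    # Delegates keep access to the mailbox after a password reset.
    for dlg in snapshot.get("delegates", []):
        findings.append(("delegate", f"{dlg.get('delegateEmail')} has mailbox access"))

    # Compare the primary identity against the known-good name and signature.
    for ident in snapshot.get("sendAs", []):
        if not ident.get("isPrimary"):
            continue
        if ident.get("displayName") != expected_name:
            findings.append(("name", f"display name is {ident.get('displayName')!r}"))
        if ident.get("signature", "") != expected_signature:
            findings.append(("signature", "signature differs from the known-good copy"))
    return findings

# Constructed sample snapshot (not real data).
SNAPSHOT = {
    "autoForwarding": {"enabled": True, "emailAddress": "collector@example.net"},
    "filters": [
        {"id": "f1", "criteria": {"from": "payroll@example.edu"},
         "action": {"forward": "collector@example.net"}},
        {"id": "f2", "criteria": {"subject": "newsletter"},
         "action": {"addLabelIds": ["Label_1"]}},
    ],
    "delegates": [{"delegateEmail": "helper@example.org", "verificationStatus": "accepted"}],
    "sendAs": [{"sendAsEmail": "jdoe@example.edu", "isPrimary": True,
                "displayName": "J. Doe ", "signature": "<div>Jane Doe</div>"}],
}

if __name__ == "__main__":
    for check, detail in audit_mail_settings(SNAPSHOT, "Jane Doe", "<div>Jane Doe</div>"):
        print(f"[review] {check}: {detail}")
```

Every finding is something for the account owner to confirm or remove; a forwarding rule or delegate the owner set up themselves will be listed too.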
Sooo, you have been nailed by the Satan Ransomware bug. What do you do? Well, if the nasty thing is sitting on a Mount Royal workstation, device or laptop, call the ITS Service Desk. If it is your home machine or device, no worries because you have followed our terrific advice and have backed up your data regularly…right? If you didn’t quite get around to that, all is not lost. Some nice people at PCrisk have a solution for you. More specifically, the wonderful Tomas Meskauskas has written an article detailing how to get rid of the awful thing. Do note that his instructions only apply to the Satan Ransomware bug. If you have another version of ransomware, his procedure will not work. Once you have followed his advice and successfully averted disaster, do remember to perform those regular backups. The next time you get a ransomware infection, there might not be removal instructions for it.
How I almost fulfilled my dream of owning a pair of red soled shoes
Most days the horror stories I read about and pass along to our community do not directly affect us. They are simply tales of cyber security woe that I pass along to warn the unsuspecting in an attempt to prevent a possible future disaster. Today was different. Today I had an OMG moment. One of those moments when the world seems to go on pause while you try and process what you have just seen. Today one of our lovely analysts in ITS put a library loaner laptop on my desk. The type of laptop that hundreds of students and staff check out of the library for temporary use every week. On the screen, plain as day for everyone to see, was the credit card information of the last person who had logged into Google Chrome on the laptop.
After the shock had worn off, I briefly entertained the idea of doing some post Christmas shopping. I had always wanted a pair of Christian Louboutin’s red soled shoes. However, sanity kicked in and I realized that if this one unfortunate individual had made such an enormous mistake, then there is probably a pretty good chance that others have too.
How was such an error made? How did his credit card information get on that laptop? Google Chrome is to blame. To understand how this could happen, you need to understand how Google Chrome works. Chrome has this fabulous little time saving feature called Autofill. As you fill out forms, Chrome will ask you if you want it to remember the information. Things like passwords, your address and yes your credit card information. So the next time you are asked for it in a form, Chrome fills the form out for you. This is a feature that you can disable. Thing is, if at any time you enabled it and information was stored, the data remains stored in Chrome until you go in and delete it.
That is exactly what happened with our poor library laptop borrower. They opened Chrome, synced their account so they would have access to their bookmarks and then when they were done they closed Chrome and returned the laptop. Thing is when you sync your account it syncs everything including your Autofill information. In addition, when you close Chrome it does not turn sync off, so the next person who comes along and opens Chrome sees all your bookmarks and has access to your Autofill information which in this case included address and credit card data. Thankfully the good people at the library noticed something was up before it was loaned out again and disaster was averted.
I really would love to go shopping on your dime, however my tastes are rather expensive…Louboutin’s start at 500 Euro… so I think the smarter thing would be to tell you how to avoid leaving your personal information on a workstation that isn’t yours.
- If you plan on accessing your Google bookmarks on devices or workstations that are not your own, disable Autofill and delete any stored information.
- When you are done working in Chrome on someone else’s workstation, turn off sync. Logging out of Gmail does not turn off sync; it just pauses it while your passwords and autofill entries remain accessible to whoever is using Chrome.
By following these two simple steps, you will avoid receiving a bill for a pair of these beauties.
With more information coming out every day about the extent of the hack at Yahoo, it may be time to dump your Yahoo account. The scariest part about the breach? It has been determined that the hackers got a hold of Yahoo’s code for cookies and have the possibility to forge them. Why is that so scary? It allows the hackers to access user accounts without passwords, making changing your password a useless exercise. Yahoo is contacting users who may have had their cookie information stolen. However, do they really know which users have been affected and to what extent?
Have a Yahoo account, but you aren’t sure how to proceed? Check out this article from KrebsOnSecurity.