Cybersecurity Blog

Fake email from Tim Rahilly arriving in spam folders – 09/18/19

 

This week the campus community is finding a particularly clever phishing email in their spam folders. It looks like this:

 

 

This is the third time our illustrious leader has been impersonated. Although this email is mostly landing in spam folders, I thought I should bring it to your attention in case it sneaks into an inbox or two.

Your on-the-ball colleague caught this one because they checked the sender’s email address. This is a gentle reminder to follow their lead. With all emails that ask you to take some sort of action, whether it is opening an attachment, clicking on a link or providing information, always check the sending email address BEFORE you read the email. If the email address is wrong, it is less likely that your emotions will be triggered and rational thought will be bypassed.

If this darling arrives in your spam folder or inbox, it can safely be deleted.

 

Clever Staples phishing email showing up in MRU inboxes – 09/05/19

Classes have begun and the hackers are betting that employees across campus will be ordering supplies. They have begun sending out fake order confirmations from Staples.  These emails are extremely well done.  Take a look.

 

 

I especially like the note at the bottom that specifically asks you to reply to the email.  Just in case you are suspicious, they have given you some lovely directions that will put you in touch with them.  Very clever.

The only real tell, unless you are super familiar with the email that Staples uses for order confirmations, is the URL behind the “View here” button, which takes you to chainetwork.club. Definitely not Staples.

As with all other emails that come from organizations that you are familiar with, visit their website directly to check orders, confirmations and payments. Do not use links in emails even if they look as legitimate as this one.

 

MRU employees receiving email requests over the phone – 08/23/19

 

 

This week several employees reported receiving calls from someone claiming to be from Adobe asking them if they wished to receive emailed documents about their products.  Those who reported the calls declined, so I can’t say if the calls were legitimate sales calls from Adobe or if they were pretexting calls.  Regardless of which they were, agreeing to be emailed documents usually doesn’t end well.

If the calls are legitimate sales calls, you could be agreeing to receive hundreds of spam emails. If they are pretexting calls, the email they send you could have malware attached to it or contain a link to a webpage spoofing a legitimate site designed to steal your login credentials. To add to the misery, they could then take any information that you have given them over the phone and use it to create additional phishing emails that are almost impossible to detect.

Unfortunately, this is the second time that we have had this type of call on campus. As pretexting is on the rise, I suspect we are going to see a lot more of them in the coming months. This is a gentle reminder to be alert if someone calls you asking you for information they should already have or asks for personal information they shouldn’t know.

If it is a sales call and you are interested in their services, hang up the phone and call the company using a phone number listed on their official website.  If it is from an organization that you know, hang up and call them directly using a phone number you know is legitimate.  Never call them back on a phone number they give you.

 

MRU targeted by phone – 08/08/19

 

 

This week a rather irritating phone campaign has hit the campus. Phone solicitors are calling employees and asking them to confirm their role. If the employee does, the caller asks if they can send them some email. This particular campaign is more annoying than malicious. However, it provides a great opportunity to review phone safety.

With people becoming more tech savvy and cybersafety aware, it is becoming harder for criminals to score with a simple phishing email. To increase the odds that their potential victims will be tricked, they are turning more and more to pretexting. The phone is fast becoming their favorite tool.

Typically a target receives a phone call with the scammer pretending to be someone who is trusted or has a right to the information they are asking for.  They will often ask questions that seem innocent enough. However they are gathering information about you and the University that they can use against you later. Armed with enough information, they can create a phishing email that is almost impossible to identify as malicious.

If you receive a phone call from someone who is asking for information they should already have or that they shouldn’t know, politely ask them for the name of their organization and then tell them you will contact them later. You can then hang up and call that organization directly using a number that you have either used before or that comes from the organization’s official website. If you cannot reach the individual through the organization’s switchboard, then you know that it is a scam.

Iranian hacker group using LinkedIn to deliver malware – 08/06/19

 

 

FireEye has identified a new phishing campaign targeting oil, gas and energy companies as well as utilities and government organizations. The rather clever criminal contacts victims through LinkedIn claiming to be a researcher at the University of Cambridge. Once contact is made, the victim is offered a job and asked to provide a resume. As part of the application process, they are also asked to go to cam-research-ac.com to download and fill out a document. Of course, once they do, malware is loaded onto their computer.

What makes this campaign so concerning is the assumed legitimacy that comes with using LinkedIn to communicate with potential victims. People tend to trust the platform and therefore trust those that use it to communicate. Unfortunately, this trust is misplaced.

When you are contacted by someone you don’t know on any social media platform, treat that communication with the same skepticism as you would any email message. Just because they say they are from a trusted organization does not mean they are. Before you engage in conversation, call their organization and confirm that they are in fact employed there. A little homework can save a lot of headache.

 

Watch out for fake Equifax settlement emails – 08/01/19

 

 

 

Cybercriminals are sending out fake Equifax settlement emails. These emails are promising free credit monitoring and/or compensation. To make matters worse, they are spoofing the real Equifax settlement page. So if you click on the link in the email, you are sent to a very convincing web page encouraging you to file a claim. Of course, if you fill in their form with all of your personal information you are just sending your data to the criminals.

If you need to file a claim, do so by visiting the FTC website. You can find information there about the data breach and the settlement as well as a legitimate link to the Equifax site.  Do not click on any links in any email that appears to come from Equifax. Visit their site directly using a browser search result or a bookmark. Everything that you need to know you should be able to find there. If not, there will be legitimate contact information you can safely use.

 

Fake benefits enrollment email arriving in MRU inboxes – 06/28/19

 

 

The following email is showing up in inboxes around campus.

 

 

This fake email is not from the IT Service Desk.  Normally I would go through and show you all the things that are wrong with this email. However, as many of you have been readers for a while, I thought it would be nice to have some fun with this one.

Take a look at the email and then comment below on what you think flags this email as phishing.  Next Thursday, I will go through the comments and add any that were missed. Let the commenting begin!

 

Another Canadian university targeted by MacEwan-like scam – 06/26/19

 

 

Last week was a rather exciting week for a Canadian university as a scammer tried to convince the university’s finance department to deposit money into their account. The scammers were thwarted by a Finance clerk who followed procedure. Yes, the superhero in this story is boring, annoying old procedure. Here is how it went down.

The university was building a new student centre.  So when a Finance clerk received a request for a direct deposit form that looked like it came from the construction company working on the project, they thought nothing of it. They replied to the email request with the form and instructed the company to complete it and forward it to the Finance VP’s admin assistant, as per procedure.

When the admin reviewed the form, everything looked fine at first glance. However, when she called the construction company to confirm that they had sent the request, as per procedure, she learned that they had not.

Realizing that they were being targeted by a scammer, the University staff looked closer at both the emails and the completed form. They discovered two things. First, the beginning of the email address was correct, but the word “group” had been added to the end of it. Second, the name of the site manager on the form was correct, but the signature on the form was clearly forged. Both of these red flags had been missed. However, because both the admin and the clerk had followed procedure, disaster was averted.

Unfortunately, the City of Burlington in Ontario wasn’t so lucky. It isn’t known if procedures weren’t followed or if they weren’t in place. However, when they were targeted with a similar change-to-payment scam, they lost $503,000 to the scammers.

This is a reminder that procedures are in place to help, not hinder. We are all human. We make mistakes. However, following procedure helps us do our jobs successfully and keeps us out of trouble. Regardless of which department you are in, follow your team’s procedures. They are there to help.
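The lookalike sender address in this story can also be screened for automatically before a payment-change request reaches a person. The Python sketch below is an added example, not part of the original post: the vendor address, the `.example` domains and the function name are constructed, and because the post does not say exactly where “group” was appended, both the local part and the domain label are checked.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed vendor record (assumption): address -> vendor name on file.
KNOWN_VENDORS = {"j.smith@acmebuild.example": "Acme Build"}


def classify_sender(from_header, known=KNOWN_VENDORS, threshold=0.85):
    """Return (verdict, address_on_file) for a From: header value.

    verdict is 'match', 'lookalike', 'unknown' or 'invalid'.
    """
    _, addr = parseaddr(from_header)
    addr = addr.strip().lower()
    if addr.count("@") != 1:
        return "invalid", None
    if addr in known:
        # On file, but a From: address can be spoofed: still call back.
        return "match", addr
    local, domain = addr.split("@")
    label = domain.split(".", 1)[0]
    for on_file in known:
        k_local, k_domain = on_file.split("@")
        k_label = k_domain.split(".", 1)[0]
        # Rule 1: the real local part or domain label with text appended.
        padded = (
            (domain == k_domain and local.startswith(k_local))
            or (local == k_local and label.startswith(k_label))
        )
        # Rule 2: near-duplicate overall (typos, transposed letters).
        similar = SequenceMatcher(None, addr, on_file).ratio() >= threshold
        if padded or similar:
            return "lookalike", on_file
    return "unknown", None


if __name__ == "__main__":
    # Constructed sample headers.
    for header in (
        "Site Manager <j.smith@acmebuild.example>",
        "Site Manager <j.smith@acmebuildgroup.example>",
        "Site Manager <j.smithgroup@acmebuild.example>",
        "Billing <billing@otherco.example>",
    ):
        print(header, "->", classify_sender(header))
```

A “lookalike” verdict is a reason to stop and phone the vendor on a number already on file; a “match” does not replace that call, since a correct address can be spoofed.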

 

New email scam impersonates MRFA president – 06/26/19

The following email showed up in MRU inboxes this week.

There are two things that make this email so convincing. First, Melanie’s email address is, in fact, correct. No, her email wasn’t compromised. It was spoofed. Second, they name a colleague as the person who will reimburse you. A nice touch actually. With such a convincing email, how the heck are you supposed to know this is a scam? Well, there are a few tells.

First off, the grammar is rather crappy. Not what you would expect from the president of the MRFA. Second, if you try calling Melanie to confirm she sent the email, you get a phone message saying the MRFA office is closed and she isn’t returning messages. If the office is closed, why would she be sending money to vendors? Third, there is a sense of urgency. The email says the money needs to be transferred today. Lastly, she is asking you to take money from your personal account. That is a HUGE red flag. Why on earth would she ask you to take money from your personal account to pay a vendor? Nothing makes sense in this email except the email address and name dropping.

The best way to protect yourself from this type of scam is to go slow and question everything. If something doesn’t add up, call the email sender to confirm that they sent the message. If you aren’t sure, you can forward the message to abuse@mtroyal.ca and we will take a look at it for you.

That is just what Megan did. Thanks to her quick actions, we were able to track down those who received this message, notify them it was a scam and stop the attack in its tracks. Way to go Megan, you are a superhero!! Be a superhero like Megan, report malicious emails to abuse@mtroyal.ca and help protect your colleagues from scammers and hackers.

For Megan’s efforts, she will be receiving a commitment sticker. Want your own sticker? Report a malicious email to abuse@mtroyal.ca or come down to see me on Main Street on August 20th from 10:00 am to 2:00 pm. Pick up your sticker and spin the prize wheel to win cool swag.

Reply to emails cautiously – 05/22/19

 

 

Since September, the Mount Royal community has been targeted by a gift card scam.  With this scam, criminals send you an email that looks like it comes from your supervisor asking you if you are available. If you respond, they ask you to purchase gift cards and send them photos of the redemption codes. This past weekend another 300 or so Mount Royal inboxes received one of these scam emails.

Fortunately, we had more people reporting them than we had people responding to them. Some of those that did respond sent out personal information such as where they were located, photos and their plans for the weekend. To our knowledge, no one went as far as purchasing gift cards. We are thankful for that.

Realizing that you gave scammers personal information about yourself just feels creepy. It is also dangerous. The criminals can then take that information and use it as content in malicious emails that are sent to yourself or others. This makes the emails seem legitimate, increasing the likelihood that someone will be tricked.

In addition to being dangerous, conversing with the scammers encourages them to continue targeting Mount Royal. If they get a response to an email, they know it is only a matter of time before they convince someone to follow through and purchase those gift cards. Ignoring their inquiries will not stop the attempts, but it will reduce their frequency.

The best way to defend yourself from giving out personal information to criminals is to check the sender’s email address before you read the body of the email.  That way you have a better idea of who you are talking to before you respond. They may still be a hacker, but the odds are much smaller. Just by taking this small simple step you greatly reduce your chances of sharing information that you wish you hadn’t.