Cybersecurity Blog

Must read – Using your @mtroyal email for personal stuff? Please don’t. – 07/20/18

 

 

On a regular basis, account providers are hacked and their customer data is stolen and put up for sale on the dark web in large data dumps. Usernames and passwords are often included in the information.  As over 30% of users reuse passwords and usernames, once a hacker has that information they can access several accounts.  As part of our ongoing efforts to keep Mount Royal’s data safe, we subscribe to a service that lets us know if any @mtroyal.ca email addresses appear in these lists. If an account provider gets hacked and a user used an @mtroyal.ca email address as a username, we get notified about the breach. We then force a password change on the account to ensure it stays secure.

Where things get uncomfortable is when users decide to use their @mtroyal.ca email address for personal accounts.  Many account providers who deliver special interest content do not have the best security practices and are often hacked. We really don’t want to know that you belong to the Jelly of the Month Club or you are a member of Poniverse (those are the G-rated ones). Please save us and yourselves the embarrassment.  Use your @mtroyal.ca account for business purposes only.

 

Some Google Groups are leaking data – 06/05/18

 

Have you checked the settings on your Google Group lately? By default, when you create a group, only group members can post and view messages, and people must ask to join the group. However, researchers have discovered that thousands of Google Groups have their permissions set to allow the general public to view the group posts. This would not be an issue if the people posting information to the Google Group understood that their posts could be viewed by the public. However, sensitive and private information has been found within these group posts, suggesting that they really have no idea.

If you are the owner of a Google Group, please take a moment to check your permissions. To check permissions:

  1. Open the Google Group.
  2. In the title bar of the Google Group,  click Manage. The left menu changes.
  3. In the left menu, click Permissions. A list of permissions appears.
  4. Click to select each permission type and review its settings.

Please note that if you have selected All organization members for View topics or Post, anyone with an @mtroyal.ca email address may do so. This includes students, staff and faculty. If you have selected All members of the group, users must actually join the group to be able to post or view emails/topics.

If you wish to email/post to a Google Group, check the settings of the group to see who can see the messages you send. To check the settings:

  1. Open the Google Group.
  2. In the title bar of the Google Group, click About.
  3. Scroll down to find the Access section. The posting and viewing permissions of the group are listed here.

If you have questions or concerns about setting permissions, please contact Bernadette Pasteris at bpasteris@mtroyal.ca.

Hackers using calendar events to deliver malicious links – 05/23/18

Hackers have discovered a new way to deliver malicious links, through your Google calendar. How? Simply by creating a calendar event and inviting you.

By default, when you are invited to a Google calendar event, the event appears in your calendar whether you have responded to an invite or not. The sneaky hackers know that if you receive an email with an invite from someone you don’t recognize, the odds are great that you will simply delete it or ignore it. So, they create an event with a vague description and include a link to the meeting agenda but choose to not email the guests.

What the hackers hope is days or weeks later when you receive a meeting notification or see the event sitting in your calendar, you will think you have forgotten about a meeting and will open up the event and click on the link to view the agenda.  I know what you are thinking, I wouldn’t fall for that because I would check the meeting owner’s email. Ideally that is exactly what you would do, however when humans think they have messed up they tend to panic and click.

How do you protect yourself from the panic and click? You can change your event settings on your Google calendar. Go to Settings and select Event Settings. In the Automatically add invitations section, select No, only show invitations to which I have responded. This prevents events from being added to your calendar without an email invite so you can’t be ambushed.

Help! I think I have a virus! – 04/24/18

Is your computer acting weird? Is it suddenly working really slowly? Are pop-ups all over your screen? Are folders graying out and can’t be opened? Are files suddenly unavailable or can’t be found? Is your mouse moving on its own? Has the text become unreadable? Do you have a virus alert? If you are experiencing any of these, you could have a virus or malware on your computer.

If you think you have malware on your machine, do not turn off your machine; some types of malware load on start up. Do not run a virus scan; some types of malware corrupt anti-virus programs. Do not try to fix the problem yourself. Do not panic, help is available. So what do you do?

  1. Don’t touch anything. Many types of malware are loaded by clicking anywhere on a pop up window. If you don’t click, you may be able to prevent an infection.
  2. Disconnect from the Internet. On your workstation, unplug the network cable. On your mobile device, disconnect from wifi.
  3. Call the IT Service Desk.

Not sure what a network cable looks like?  It looks like a phone cable, but comes out of the back of your computer.  It can be red, white, black, blue, gray or yellow.  Still not sure? Here is a photo for you:

Network Cable. Does not come with little blue men.

 

Worried about getting into trouble and you don’t want to call the Service Desk? Please don’t be. IT Services has service in the name for a reason. We are here to help you. We know you are human. We know people make mistakes. We like to get your calls.

Misspelling a URL can load your computer with malware – 04/24/18

In today’s world of brand recognition, nothing is more important than your domain name. Whether you are Coca-Cola, ESPN or Freds Furniture, you need a web page that people can find just by typing the name of your business.  What happens though when a consumer gets the name wrong? On-the-ball businesses buy the domain names for common misspellings of their name and redirect consumers with fat fingers to the correct web site. Those that don’t, leave consumers and their business exposed.

Criminals are buying up the misspelled domain names of popular web sites and loading them with malware. This practice is called typosquatting. It costs businesses millions in sales and untold grief for consumers.  In the best case scenario, visiting one of these sites will result in your anti-virus going spastic with pop-ups and alerts. At the worst, malware too new for your anti-virus to recognize will be quietly and efficiently deposited onto your machine. Many of these web sites can only be visited once. A repeat visit results in a 404 web page not found error, making it difficult to shut the site down.

The easiest way to protect yourself from typosquatting is to use bookmarks to visit your favourite sites. When looking for new ones, read and re-read the search terms you have entered and then read them again. Don’t let a slip of a finger deliver you into the hands of a hacker.

Cyber Safety Summit 2018 – 04/23/18

The Cyber Safety Summit 2018 will be held on October 2, 2018 at the Lincoln Park room in the Main Building of Mount Royal University’s campus. The summit will include experts speaking on home security, social engineering, fraud protection and how to recover from a cyber attack. In addition, we are adding a new topic this year: protecting your privacy. Registration is free.

Spend the whole day with us or just come by for your favourite session. Either way you have the opportunity to hear from the experts themselves how to keep your family and home cyber safe.  Come with your questions and concerns, leave armed with the knowledge you need to keep hackers at bay.

Can’t attend the summit? We will be live streaming all sessions.  Visit the website to review last year’s program and to sign up for Summit updates.

Mark your calendars now!!  See you on October 2, 2018!!

 

Must Read – Help us keep your data safe – 04/17/18

 

 

Keeping our digital campus safe is a responsibility shared by the entire MRU community. An important part of that responsibility is for each of us to keep our account passwords secure, private, and not shared with any other person.

Sharing usernames and passwords is never a smart practice, but it’s especially unwise with your MRU account. Your username and password authenticate your identity, proving that you’re you. Many critical University business functions are online these days, and sharing passwords puts all those processes at risk. Whether it’s access to change grades, financial approvals, expense reimbursements, access to staff and student personal information, or simply private emails, your password is how you protect the important work you do from bad outcomes.

Never give your MRU account password to anyone. IT Services will never ask you for it, and neither should anyone else.

If you have a guest that requires a computer for presentations or a meeting, they must bring their own and connect to the “MRVisitor” wifi network. They are not allowed access to admin workstations or private campus networks.

Visiting instructors can log into academic workstations using an SCC account, which allows us to track their activities on our network. The SCC password changes frequently; to get today’s password, please contact the IT Service Desk at itservicedesk@mtroyal.ca, 403.440.6000, or in person at E251.

If you have a situation where you are tempted to share your password, contact the Service Desk and work with them to find a better solution. Together, we can keep our digital resources and online community safe.

 

ALERT – Mount Royal staff victimized by phishing email that is a reply to an old thread – 03/26/18

Mount Royal employees are receiving emails from a vendor that are actually replies to a legitimate message. As the message is a reply and it is from someone we do business with, employees have been tricked into opening the attachment more than once, putting our network at risk.

How the heck did they manage to reply to a message that the vendor had sent ages ago? Simple, the vendor’s email account was hacked. Once the hackers had access to the email account, all they had to do was scroll through the emails in the sent folder until they found one that mentions an invoice and reply to it. Of course they attached an edited invoice containing a nice little keylogger trojan onto it first.

Those that opened the attachment found a blank document and then contacted the Service Desk to see why.  The Service Desk calmly explained all their keystrokes were being recorded by malware they had unintentionally installed and then sent support staff to re-image (wipe clean and re-install) their machines.

Unfortunately this is not the first time that Mount Royal University has been targeted by this type of attack.  Late last year another vendor had their email account compromised and multiple Mount Royal staff members received replies to an old meeting invite containing a document that “required their input”.  That document contained malware as well and once again we were re-imaging machines.

How do you know when an email from a vendor contains a malicious link or attachment? Truthfully, you don’t. The only red flag on either of these emails was the date of the original message. The email thread was months old and was used in the attack because it contained a subject that would allow an attachment to be added to it without looking odd. However, a recent message could also have been used if it had contained the right content.

So how do you protect yourself from such attacks? You call the vendor when you receive an email with a link or attachment and confirm that they sent the email. Do not reply to the email, because if their email account has been compromised, you will be conversing with the hacker. Do not use the contact information found in the email to contact the vendor either. The hacker may have changed the email signature. Use a contact number that you find in a Google search or that you have used before.

Yes, horrors, you have to actually pick up the phone and talk to a person. However, it will practically eliminate the risk of having your machine wiped clean and the operating system re-installed. Not a fun way to spend the morning.
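The one red flag described above, a reply with an attachment that quotes a months-old message, can be checked automatically. This is an added example, not part of the original post; the attribution-line format, the 60-day threshold, the addresses and the file name are all constructed assumptions, and a clean result proves nothing because a recent thread can be abused the same way.

```python
import re
from datetime import timedelta
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parsedate_to_datetime

# Attribution line above quoted text. Assumed format (constructed):
# "On Tue, 12 Sep 2017 09:14:00 -0600, Name <addr> wrote:"
QUOTE_HEADER = re.compile(r"^On (.+?), [^,\n]*wrote:\s*$", re.MULTILINE)


def stale_reply_with_attachment(raw, max_age_days=60):
    """True if a reply carries an attachment and quotes a message older
    than max_age_days (a hypothetical threshold to tune locally)."""
    msg = message_from_string(raw, policy=policy.default)
    if not list(msg.iter_attachments()):
        return False
    body = msg.get_body(preferencelist=("plain",))
    match = QUOTE_HEADER.search(body.get_content()) if body else None
    if not match:
        return False
    try:
        quoted = parsedate_to_datetime(match.group(1))
        return msg["Date"].datetime - quoted > timedelta(days=max_age_days)
    except (AttributeError, TypeError, ValueError):
        return False  # missing Date, unparseable or timezone-less date


def build_sample(sent, quoted, attach):
    """Constructed test message; addresses and file name are made up."""
    m = EmailMessage()
    m["From"] = "ar@vendor.example"
    m["To"] = "staff@university.example"
    m["Subject"] = "RE: Invoice"
    m["Date"] = sent
    m.set_content(
        "Please see the attached invoice.\n\n"
        f"On {quoted}, Vendor AR <ar@vendor.example> wrote:\n"
        "> Invoice for services is attached.\n"
    )
    if attach:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename="invoice.doc")
    return m.as_string()


if __name__ == "__main__":
    old = build_sample("Mon, 26 Mar 2018 10:02:00 -0600",
                       "Tue, 12 Sep 2017 09:14:00 -0600", attach=True)
    print(stale_reply_with_attachment(old))
```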

Beware, the locked browser tech support scam is back – 03/13/18

Malwarebytes has discovered an old tech scam that has resurfaced.  Hackers are compromising legitimate web sites. When you visit one of these sites, a pop-up appears on your computer telling you that you have a virus and you need to call a 1-800 number. To make it look like there is something wrong with your computer, the browser is locked and doesn’t respond to clicks.

If you call the number, you are asked to download diagnostic software that gives the hackers control of your computer. They then appear to find the virus on your machine and proceed with a hard sell trying to get you to pay to have it removed. In reality there is nothing wrong with your machine.

No software will magically detect issues on your computer without being installed. No browser can detect issues with your computer.  Microsoft does not send out alerts to let you know your computer is not working properly or has been compromised. Anytime you receive an alert of any kind with a support phone number, it is a scam.

The good news is, with this particular scam there is nothing wrong with your computer. All you need to do is shut down your browser through the Task Manager and everything goes back to normal. Just remember not to visit the same website again.

To shut down your browser in the Task Manager:

  1. Press CTRL + ALT + Delete 
  2. Select Start Task Manager
  3. On the Tasks tab, select your browser
  4. Click the End Task button.

Lock your Screen When you Leave the Scene – 02/07/18

Just a friendly reminder to lock your screen EVERY TIME you leave your workstation unattended. In the time it takes to get a print out or go to the kitchen to throw out garbage, your workstation can be compromised. The hackers need less than a minute to access your workstation and load malware that runs in the background. The malware can be present for months, giving the criminals access to the network and our data without you even being aware that it is there.

It is not enough to say, “Well I usually lock my screen but sometimes I forget.” Usually will not keep our network safe. Always will. Join us in the fight against cyber crime. Be a super hero and lock your screen EVERY TIME!