Cybersecurity Blog

Fake TD texts try to nab your banking credentials – 12/15/21

 

Look at what showed up on the phone of an MRU community member.

 

 

The links in this text do not go to the TD Canada Trust website.  The person who received this text does not bank with TD so they knew it was a fake alert right away. However, if you do bank with them and receive this text, the odds are pretty good you will click. The whole alert received thing tends to make people panic. When they panic, they react. Rational thought never has a chance to kick in.

We don’t know for sure what will happen if you click one of the links. However, as it tells you to login, the odds are good that you will be directed to a fake TD login page. When you enter your username and password, the criminals will likely record and store your credentials to either use themselves or sell on the dark web.  Either way, they can drain your bank accounts.

This is a reminder that if you receive an email or text from your bank, count to 10. Then call them directly using a phone number that you know is legitimate to ask them if there is a problem with your account. Resist the urge to click, no matter how great it is.  Salvation is only a phone call away.

 

The return of the Cybercafe – 12/15/21

 

To level the playing field for the Cybersecurity Challenge for those working from home, starting in January 2022, the Cybercafe will return. Once a month I will make myself available from 10:00 am to 2:00 pm virtually for questions, MFA support or to discuss the latest cybersecurity threat. Everyone who stops in will get two contest entry codes, the same ones given out at the Cybersecurity Roadshow.  This prevents double dipping, evens things out and gives our working from home folks a chance to catch up.

I am hoping that this will give everyone an equal chance to participate in the challenge and encourage those who may have felt left out to join in. This is an excellent opportunity for your team to catch up and earn some entries.  See you all in 2022!

It is survey time! Participate and win a $50 gift certificate! – 12/06/21

 

It is that time of the year when we look back at last year’s program and figure out what worked, what didn’t and where we can improve. To help us determine if we are on the right track, we need your help.  Please take 5 min to complete our survey.  To ensure that we are learning about what people are doing on campus rather than what they know they should be doing, the survey is anonymous. You can freely admit your sins safe in the knowledge we will never know who you are. Your honestly will help us determine the direction of our program next year. You can take the survey here.

The Cybersecurity Newsletter has a new look! – 10/22/21

The cybersecurity awareness program at MRU rebranded earlier this fall. It took us a while, but we have also rebranded the Cybersecurity Newsletter. Gone is the blue background, sections have been reorganized and we have a fancy new header to match our new program branding. We hope it will now be easier to read as well as to find the information that is most useful for you.  Look for the new format newsletter to arrive in your inbox on Friday.

If you aren’t a subscriber, now is the time to do so. Get the latest news on current attacks and how to stay cybersafe. Once you subscribe, you can share what you learn with family and friends. Don’t delay, subscribe now.

 

 

Firefox’s LinkedIn data breach notification – 10/04/21

If you use Firefox with your Mount Royal email address, you may have received this email in your inbox this morning:

 

This is a new feature of Firefox. It is important to note however that this “data breach” isn’t really a data breach. If you look closely, it is titled LinkedIn Scraped Data. Also while it says that the “breach” was added to their system October 2, 2021, the so called “breach” actually took place months ago.

What is scraped data? It is when an attacker scrapes publicly available data off of a website.  So technically it isn’t a data breach as the attackers didn’t break into any servers. However, it does take a lot of time and skill to gather that much data at once. As a result few people do it themselves. It is much easier to wait for someone else to do it and then buy the data from them.

What do they use the data for once they buy it? They use it to target you with phishing emails and other social engineering attacks. While there is no need to worry about your LinkedIn password or username being compromised, this is a good time to double check exactly what you have posted publicly on LinkedIn. Be wary of any communications referencing that information in the future, someone may be trying to use it against you.

October is Cybersecurity Awareness Month – 09/29/21

 

It is Cybersecurity Awareness Month!!  To celebrate we have several activities planned.  As always, the Cybersecurity Challenge will run from October 1 to March 31. This year the Challenge has a new sponsor,  WBM! The teams have been reorganized to ensure they are of equal size so the competition should be as fierce as it was last year. Will the Facilities Management team finally be unseated or will they be victorious once again?

The Virtual Treasure hunt that was so popular last year is back with new clues and puzzles. Solve the puzzles and use the clues to find the location of the treasure. Everyone can participate.

We have two new Cybercrime Series talks scheduled as well. Brian Reed from Proofpoint will be discussing insider threats, the horror stories that go with them and how to protect yourself. Jason Kell from Teknologi1 will be discussing attacks to Industrial Control Systems and the repercussion.

Come join in, have fun, earn contest entry codes and learn how to stay cybersafe!

Things to remember now that we are back on campus – 09/08/21

 

It is hard to believe but it has been about 18 months since we were last all on campus. Whether you are thrilled to be amongst students and colleagues or pining for the solitude of your dining room table, you will have developed different work habits while you were working from home.  Now is the time to dust off those old habits again. To help you get back on track, I have a few helpful tips.

Lock your screen

Yes, I know that I was teaching people to keep locking their screens when working from home. However, I know most of you didn’t consider the kids, your spouse or the cat a big threat. Now that we are back, it is time to develop that habit again. When you stand up from your machine, lock it.  If you are in a hybrid work situation, keep up that habit when you are home so you don’t forget when you are on campus.

Watch for tailgaters

Don’t let people you don’t know sneak in behind you into a secured area. If a stranger has forgotten their OneCard, send them to security rather than let them in with yours. With everyone masking up again, it is harder to verify someone is who you think they are. If you aren’t sure, send them to security.  If you have a visitor coming to campus, meet them outside secured areas and then accompany them to the appropriate office or meeting room. Do not leave guests unaccompanied in a secured area.

Don’t let others use your credentials

If you have guests coming on campus, have them bring their own laptop and connect to MRvisitor rather than logging into a workstation for them. If you are training someone new, contact the Service Desk to get them access to what they need rather than logging into an application for them.  Your credentials are for your use alone, not the other 114 people who want to access the network.

Keep storing documents on Google Drive

Even though we are now back at our workstations, it is impossible to know if sometime in the future we will have to return to working from home. Make your life easier, continue to store your documents containing non-sensitive information on the Google Drive. That way you won’t have to scramble should we suddenly get sent home again.

 

Our cybersecurity awareness program has a new look! – 09/02/21

After 5 successful years, the cybersecurity team is saying goodbye to our superheroes. While they served us well, we recognized that it was time for a change. Our survey let us know that the campus was looking for branding that was more professional but still used simple straight forward messaging.  Introducing The Shield.

 

 

Look for the new posters, screen slides and stickers as they pop up around campus. We hope you love our new look as much as we do.  Let us know what you think in the comments below.

Scammers use subscription renewals to trick you into downloading malware – 08/03-21

 

A social engineering tactic dubbed Bazacall is making a resurgence. This attack method first appeared in March, 2021. It starts with an email that arrives in your inbox. They use a variety of scenarios, however all encourage you to phone a number to resolve an issue. Their favorites appear to be notifying you that a subscription is going to be renewed or that a free trial is over. Details on the nature of that subscription are often left out, making it more likely that you will call to clear things up.

When you call, the “customer service rep” on the phone directs you to a very realistic website. Sometimes these websites are spoofed sites of real businesses, other times the businesses are completely fictitious. Once you are at the website they walk you through the steps to cancel the subscription, telling you what to click. Everything seems perfectly legitimate until you reach the final step. The last click on the website opens an Excel file that asks you to enable Macros.  If you continue to follow the instructions of the “rep”, the malware is downloaded and installed on your computer. The type of malware varies but typically they give remote access to your machine, allowing the attackers to gain access to to other devices on the network.

This phishing attack method is particularly dangerous as the email doesn’t contain any attachments or links which allows it to pass through inbox filters. In addition when you open it, it looks official and innocent. After all what can happen if you just call to cancel a subscription that you don’t want? However once you call, the “rep” is very good at social engineering. He or she develops trust and insists that this is the only way to ensure the charge doesn’t appear on your credit card.

The best way to defend yourself against this type of attack is to recognize that emails with vague information about a subscription being renewed are malicious. Thankfully with this attack you have a second chance to defend yourself. You can refuse to enable Macros when asked.  Remember to use your common sense and don’t let yourself be bullied. There is no justification for enabling Excel Macros to cancel a subscription.  If it doesn’t make sense, hang up.

 

Restart your machine and save your data – 07/08/21

 

With the latest zero day threat PrintNightmare, putting printing on pause across the globe; it has become more important than ever to to keep your devices updated. While there is no update yet available to patch this vulnerability, it is a good idea to make sure your computer is ready when it is released.

The best way to do that is to ensure automatic updates on your Windows machine is enabled.  MRU devices are automatically updated when you connect to the network so you don’t have to worry about them. This is a system setting controlled by ITS and it can’t be changed.  However, you can mess with automatic updates on your home machine. You can pause them on a Windows 10 machine and turn them off all together on a Windows 8 machine. It is strongly recommended that if you have paused the updates or tuned them off , you enable them again.  This ensures that as soon as  the patch for PrintNightmare is available, it will be downloaded.

If you have a Windows 7 or older machine, the automatic updates feature is not an option, you will have to check for and download the update manually. For the most part, operating systems of this age don’t receive updates anymore and are vulnerable to attack. Which is why it is a good idea to upgrade to a newer one. The exception is when a really, really nasty vulnerability comes along. PrintNightmare falls into this category. Even Windows XP will receive a patch for this one.  However, you Windows 98 and 95 holdouts are out of luck.

To complete the installation process, you have to restart your machine. This is true for MRU devices as well as your home machine. Depending on how your version of Windows is set up, you may or may not be notified that a restart is required. So it is a good idea to restart your machine daily. Daily restarts ensure that you both have the latest security patch downloaded and it has been installed as well. Also, it takes less time to restart a machine that has only one update to install versus one that has five. In just a few minutes you can save hours of heartache. Restart your machine and save your data.