Cybersecurity Blog

Scammers use subscription renewals to trick you into downloading malware – 08/03/21

A social engineering tactic dubbed Bazacall is making a resurgence. This attack method first appeared in March 2021. It starts with an email that arrives in your inbox. The scammers use a variety of scenarios; however, all of them encourage you to phone a number to resolve an issue. Their favorites appear to be notifying you that a subscription is going to be renewed or that a free trial is over. Details on the nature of that subscription are often left out, making it more likely that you will call to clear things up.

When you call, the “customer service rep” on the phone directs you to a very realistic website. Sometimes these websites are spoofed sites of real businesses; other times the businesses are completely fictitious. Once you are at the website, they walk you through the steps to cancel the subscription, telling you what to click. Everything seems perfectly legitimate until you reach the final step. The last click on the website opens an Excel file that asks you to enable Macros. If you continue to follow the instructions of the “rep”, the malware is downloaded and installed on your computer. The type of malware varies, but typically it gives the attackers remote access to your machine, allowing them to gain access to other devices on the network.

This phishing attack method is particularly dangerous because the email doesn’t contain any attachments or links, which allows it to pass through inbox filters. In addition, when you open it, it looks official and innocent. After all, what can happen if you just call to cancel a subscription that you don’t want? However, once you call, the “rep” is very good at social engineering. He or she develops trust and insists that this is the only way to ensure the charge doesn’t appear on your credit card.

The best way to defend yourself against this type of attack is to recognize that emails with vague information about a subscription being renewed are malicious. Thankfully, with this attack you have a second chance to defend yourself. You can refuse to enable Macros when asked. Remember to use your common sense and don’t let yourself be bullied. There is no justification for enabling Excel Macros to cancel a subscription. If it doesn’t make sense, hang up.
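For mail administrators, the traits described above (renewal or free-trial wording, a request to call, a phone number, and no links or attachments) can be combined into a simple triage check. This is an added example, not part of the original post; the keyword lists, function names and sample messages are assumptions constructed for illustration, and a match is a candidate for review rather than a verdict.

```python
import re
from email import message_from_string

# Assumed keyword lists, based on the lures the post describes
# (a subscription renewal or an expiring free trial, plus "call us").
LURE = re.compile(r"\b(subscription|renew(?:al|ed|s)?|free trial|charged?)\b", re.I)
CALL = re.compile(r"\b(call|phone|dial)\b", re.I)
PHONE = re.compile(r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")
URL = re.compile(r"https?://|www\.", re.I)

def body_and_attachments(msg):
    """Return (decoded text of all text parts, number of attachments)."""
    text, attachments = [], 0
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename() or part.get_content_disposition() == "attachment":
            attachments += 1
        elif part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            text.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(text), attachments

def callback_phish_signals(raw):
    """Evaluate each trait separately so an analyst can see why a message matched."""
    msg = message_from_string(raw)
    body, attachments = body_and_attachments(msg)
    text = f"{msg.get('Subject', '')}\n{body}"
    return {
        "lure_wording": bool(LURE.search(text)),
        "asks_to_call": bool(CALL.search(text)),
        "phone_number": bool(PHONE.search(text)),
        "no_links": not URL.search(text),
        "no_attachments": attachments == 0,
    }

def is_callback_phish_candidate(raw):
    """All traits together: the lure, and the absence of links and attachments."""
    return all(callback_phish_signals(raw).values())

# Constructed sample messages (not real mail).
HEADERS = "From: {0}@example.test\nTo: user@example.test\nSubject: {1}\n" \
          "Content-Type: text/plain; charset=utf-8\n\n"
SAMPLE_LURE = HEADERS.format("billing", "Your free trial is ending") + (
    "Your subscription will renew today and your card will be charged $89.99.\n"
    "To cancel, call our support team at 1-800-555-0100.\n")
SAMPLE_NEWSLETTER = HEADERS.format("news", "Subscription renewal reminder") + (
    "Manage your renewal at https://example.test/account or call 403-555-0100.\n")
SAMPLE_COLLEAGUE = HEADERS.format("colleague", "Lunch") + (
    "Are we still on for noon? Call me at 403-555-0100 if plans change.\n")

if __name__ == "__main__":
    for name in ("SAMPLE_LURE", "SAMPLE_NEWSLETTER", "SAMPLE_COLLEAGUE"):
        print(name, is_callback_phish_candidate(globals()[name]))
```
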

 

Restart your machine and save your data – 07/08/21

With the latest zero-day threat, PrintNightmare, putting printing on pause across the globe, it has become more important than ever to keep your devices updated. While there is no update yet available to patch this vulnerability, it is a good idea to make sure your computer is ready when it is released.

The best way to do that is to ensure automatic updates are enabled on your Windows machine. MRU devices are automatically updated when you connect to the network, so you don’t have to worry about them. This is a system setting controlled by ITS and it can’t be changed. However, you can mess with automatic updates on your home machine. You can pause them on a Windows 10 machine and turn them off altogether on a Windows 8 machine. It is strongly recommended that if you have paused the updates or turned them off, you enable them again. This ensures that as soon as the patch for PrintNightmare is available, it will be downloaded.

If you have a Windows 7 or older machine, the automatic updates feature is not an option; you will have to check for and download the update manually. For the most part, operating systems of this age don’t receive updates anymore and are vulnerable to attack, which is why it is a good idea to upgrade to a newer one. The exception is when a really, really nasty vulnerability comes along. PrintNightmare falls into this category. Even Windows XP will receive a patch for this one. However, you Windows 98 and 95 holdouts are out of luck.

To complete the installation process, you have to restart your machine. This is true for MRU devices as well as your home machine. Depending on how your version of Windows is set up, you may or may not be notified that a restart is required, so it is a good idea to restart your machine daily. Daily restarts ensure that the latest security patch has been both downloaded and installed. Also, it takes less time to restart a machine that has only one update to install than one that has five. In just a few minutes you can save hours of heartache. Restart your machine and save your data.

Yes you can test out of your cybersecurity awareness training – 07/06/21

July 1 marks the beginning of a new cybersecurity training year. While training for new hires is now live, we have decided to hold off on releasing the training for those who are not new to Mount Royal. We are approaching things very differently this year and want to make sure everyone understands how the new program works before they are enrolled in the training.

So what are we doing differently? The new hires have the same training program we used last year. This ensures everyone who comes to campus knows the basics. This training is now live and ready for enrollment. If you didn’t finish your new hire cybersecurity awareness training last year, you will be re-enrolled in the same program again. However, we are aware that taking training on the same subjects every year is getting a bit tiresome. So if you have taken training in the past, you will find a pre-test in your Security Education Platform My Assignments list. The questions in the pre-test are organized into categories. If you get one or more questions in each category wrong, you will be assigned training on that topic. If you get all the questions right, you will not have to do any cybersecurity training.

Unfortunately, if you handle payment card data or are a high-value target, you will still have specialized training modules designed for your role that you will have to complete.

Even when you know how to be cybersafe, small reminders make being cybersafe easier. Starting in November, a new Cyber Guys video will be ready for viewing every month. These short 3 to 4 minute videos remind you how to avoid becoming a victim while tickling your funny bone. This is one time you can watch a funny video and not have your boss frown at you.

To view the videos, just log in to the Security Education Platform. They will be in your My Assignments list. They are not mandatory to watch, but we think they are just entertaining enough that you will want to. Unfortunately, if you are a new hire, you will have to wait until next year to see the videos. That little treat is only available to those who have had training in the past.

Remember:

  • If you have new hires, they can enroll and start their cybersecurity or PCI awareness training right away.
  • If you didn’t finish your new hire cybersecurity awareness training last year, you will be enrolled in it again this year.
  • If you have completed training in the past, you will take a pre-test to determine what training topics you will be assigned.

We really, really hope that all of you enjoy this new approach to training and find it helps you stay cybersafe. If you have any questions or concerns, please contact me at bpasteris@mtroyal.ca and I would be happy to answer them.

What exactly is the purpose of your spam folder? – 05/27/21

The lowly Gmail Spam folder. It appears to collect nothing but garbage and is routinely ignored. It does, however, have a function. Its purpose is to keep spam and malicious emails out of your inbox while still allowing you to review them. These suspicious emails aren’t automatically deleted, as Google recognizes it isn’t perfect and may wrongly identify an email as spam or malicious.

How should you manage your Spam folder? For the most part, it can be ignored. If you find that you are missing an email, you can go looking for it. However, I don’t recommend checking your Spam folder daily. If you are worried about missing emails, then a weekly check should be sufficient.

If you find an email in your Spam folder that you don’t think should be there, don’t move it immediately to your inbox. Open it first and check the banner at the beginning of the message. Google lets you know why the message was put there. If it is because it was marked Spam previously, then it is safe to move to your inbox. If, however, it indicates that it contains a malicious link or attachment, then leave the email where you found it, as Google doesn’t make mistakes identifying malicious emails.

Fortunately, malicious emails found in your Spam folder don’t need to be reported to the IT Security Team. Google is already filtering them from inboxes, so we don’t need to alert your colleagues. You can simply delete them and get on with your day. Even better, let Google delete them for you. Messages in Spam that are 30 days old are automatically deleted.

MRU community hit by tech support scam – 04/29/21

The tech support scam is back. This week an MRU community member had a virus warning pop up on their screen while they were working. The virus warning listed a phone number and appeared to come from Microsoft.

The individual phoned the Service Desk. However, when they couldn’t get through, they called the ‘Microsoft’ number in the pop up. The fake Microsoft rep hung up on them when the caller didn’t provide the rep with the information they were looking for. Our MRU community member avoided being scammed simply by not being cooperative. However, had they been dealing with a more patient scammer, this could have gone very wrong very quickly.

This is a reminder that if you see a dialog box with a virus warning and a phone number, it is a scam. Most likely there is no virus on your machine. Instead, the website that you have visited has been compromised by a hacker to display a fake virus warning to anyone who views it. If this happens to you, close your browser and then open it again. Do not close the pop up. Do not visit that website again.

If you are concerned that your MRU-issued device may have a virus, contact the Service Desk. Be patient; they will get back to you. If it is your personal device you are concerned about, run a virus scan. If something appears to be amiss and the virus scan does not find anything, take your device to a repair shop to have it checked.

Use digital signatures with caution – 04/15/21

With everyone avoiding contact with other people at all costs, the use of digital signatures has become more common. However, some forms of digital signatures are more secure than others.

Services like Adobe or DocuSign encrypt your digital signature. This means if someone tries to access it without your password, all they will see is gobbledygook. As long as you are careful with your passwords, your signature is secure with these types of services.

Other solutions for digital signatures are not as safe. Pictures of your written signature stored unencrypted or emailed can easily be stolen. If they are on your Google Drive, OneDrive or Dropbox, this makes them even more vulnerable. Likewise, entering your signature into text fields in unencrypted forms is also dangerous.

Remember that your digital signature is used to verify your identity. You should treat it like you do your credit card number. If you wouldn’t store or transmit your credit card number using a particular method or service, then you shouldn’t store or transmit your signature that way either.

How to check your cybersecurity awareness training status – 04/15/21

Reminders are going out for everyone to complete their cybersecurity awareness training. In response, people are noticing they have no training assignments and are wondering if they have completed the training or not. These wonderful folks usually completed their training in October.

Unlike Blackboard, the new Security Education Platform doesn’t let you access modules once they are completed. They are removed from your assignment list. However, you can still see what training you have completed by looking at your Report Card.

To access your Report Card, click on your name in the upper right-hand corner of the platform window and then select My Report Card. It will show you the status of all your assignments.

Please note that the name has been blurred out in this screenshot. In addition, you will see the cybersecurity survey in your assignment list. This survey is no longer available. Don’t worry if you didn’t complete it; it was optional.

I hope this helps those of you who can’t remember if you completed your training or not. If you have any other questions about the cybersecurity awareness training, please feel free to continue to contact me.

Google Chrome Privacy Settings you Should Check – 03/17/21

A while ago I posted an article on Data Privacy Day. Out of that article, several readers requested recommendations on privacy settings for Google Chrome. As much as I would love to tell readers to lock down everything and shut down the great Google data collection, privacy is a very personal thing. One person may be willing to give up functionality of their tools to ensure their private information stays private, while another is just fine with all-knowing Google collecting their data if it means their life is easier. In short, I cannot tell you wonderful people what to lock down. Each one of you has to make that decision for yourselves.

That said, I can tell you what settings to check and where they are currently located. Google, just like most other service providers, likes to make them hard to find. A cynical person would say that was done on purpose. I have decided to be more positive today and I am going to blame poor interface design… I am trying here. Work with me.

Decide how your browsing history is used in Chrome

Most of the privacy goodies are hidden under Settings>Sync and Google Services. The first stop should be Control how your browsing history is used to personalize Search, ads and more. Click on the little square next to this monster and you find the Activity Controls.

At first glance, all you see is Web & App Activity. Scroll down a bit and click the See all activity controls link to find the mother lode.

These settings determine how much functionality you want from Chrome vs how much data you want to keep from their prying eyes. It may take a few tries to find the right balance for you. Don’t be afraid to turn on some controls. You can always turn them off if they are making your life difficult. Personally, I prefer to give them as little information as possible and find things on my own. I don’t like to be fed my content. You can stumble upon some pretty interesting stuff when you don’t have someone curating your content for you. However, that might not be your jam. Totally okay.

Further down the Sync and Google Services page, there are some other settings that you should check. Do you want to help Google be a better service, or send them your URLs or the text you type into the browser? Once again, try turning them off and see what happens to the functionality of Chrome.

Decide how you will be tracked

Cookies are used by websites to identify you for a variety of reasons. Some of them are useful, like keeping track of what is in your shopping cart. Others are more concerning, like tracking what you click on. As with all browsers, Chrome lets you decide what types of cookies are okay and which are to be disabled or blocked.

Chrome’s cookie settings can be found in Settings>Cookies and other data. I do not recommend selecting Allow all cookies or Block all cookies. However, you may want to experiment with Blocking third party cookies.

Another setting you can consider is the Send a “do not track” request with your browsing traffic. As it suggests, it simply sends a request to a website that you not be tracked. How they respond to the request depends on the website. However, I feel better knowing that I have at least asked for some privacy. The odds that they honor that request are probably pretty slim. There I go being all cynical again. Sorry, I slipped.

Cover your tracks

Your browsing history, including cookies, cached pages and autofill data, can be cleared out manually, or you can set it up to perform a cleaning at regular intervals. Ideally things should be cleaned out once a week; however, the best cleaning interval for you depends on how you work. Do be aware that if you clean out cookies regularly, it may mean you have to re-enter things on sites over and over again. As with the other settings, experiment with it to find what works best for you. You can find these settings under Settings>Clear Browsing data.

In conclusion

Even if you try out these settings and decide to not enable any of them, that’s perfectly okay. The important thing is you are aware of them and know how to change them. You are taking control and making decisions about your privacy instead of having them made for you.

Unfortunately, account providers regularly change their privacy settings and Google is no different. The information in this article may be out of date in a week, a month or tomorrow. Therefore, I suggest that every quarter you take a look at your privacy settings and make sure they are still at a comfortable level. A little proactivity goes a long way when maintaining your privacy.

Why is someone you know asking for your phone number? – 03/10/21

Members of the MRU community have been finding emails in their Spam folder similar to this one.

The email looks like it comes from a colleague or instructor. However, the email contains some red flags. The biggest one is that they are asking for your personal phone number. If they don’t already have it, they shouldn’t be asking for it. In addition, it was found in the Spam folder.

Google puts emails that it thinks are suspicious, but isn’t sure of, into the Spam folder. If you see an email in your Spam folder, assume it is malicious and always confirm legitimacy with the sender before you respond. Confirmation is best done over the phone; however, in situations like this where an MRU email wasn’t used, it is enough to contact the sender through an MRU email.

It is hard to say what the end game of this scam is. However, this is often step one in a gift card scam where they compel you to purchase gift cards and then give them the redemption codes. These redemption codes can then be sold on the dark web.

Let us know what you think of the Be a Superhero branding and earn contest entry codes – 03/01/21

The cybersecurity awareness program at MRU has been around for several years now. Throughout that time we have encouraged the campus community to Be Superheroes by practicing cybersafe behavior. While the Be a Superhero branding has worked well for us, we are always looking for ways to make the program more engaging and effective.

We would like your feedback on our branding. Let us know if you still want to Be a Superhero or if it is time to leave our capes behind. You can find the survey here.

Everyone who completes the survey will receive a contest entry code for the Cybersecurity Challenge and a chance to win a $250 Best Buy gift certificate. As this is the last month to collect entry codes, this is a great way to get entries in and move your team forward.