Cybersecurity Blog

MRU community hit by tech support scam – 04/29/21

 

 

The tech support scam is back. This week an MRU community member had a virus warning pop up on their screen while they were working. The virus warning listed a phone number and appeared to come from Microsoft.

The individual phoned the Service Desk. However, when they couldn’t get through, they called the ‘Microsoft’ number in the pop-up. The fake Microsoft rep hung up on them when the caller didn’t provide the rep with the information they were looking for. Our MRU community member avoided being scammed simply by not being cooperative. However, had they been dealing with a more patient scammer, this could have gone very wrong very quickly.

This is a reminder: if you see a dialog box with a virus warning and a phone number, it is a scam. Most likely there is no virus on your machine. Instead, the website that you have visited has been compromised by a hacker to display a fake virus warning to anyone who views it. If this happens to you, close your browser and then open it again. Do not close the pop-up. Do not visit that website again.

If you are concerned that your MRU-issued device may have a virus, contact the Service Desk. Be patient, they will get back to you. If it is your personal device you are concerned about, run a virus scan. If something appears to be amiss and the virus scan does not find anything, take your device to a repair shop to have it checked.

 

 

Google Chrome Privacy Settings you Should Check – 03/17/21

A while ago I posted an article on Data Privacy Day. Out of that article, several readers requested recommendations on privacy settings for Google Chrome. As much as I would love to tell readers to lock down everything and shut down the great Google data collection, privacy is a very personal thing. One person may be willing to give up functionality of their tools to ensure their private information stays private, while another is just fine with all-knowing Google collecting their data if it means their life is easier. In short, I cannot tell you wonderful people what to lock down. Each one of you has to make that decision for yourselves.

That said, I can tell you what settings to check and where they are currently located. Google, just like most other service providers, likes to make them hard to find. A cynical person would say that was done on purpose. I have decided to be more positive today and I am going to blame poor interface design… I am trying here.  Work with me.

Decide how your browsing history is used in Chrome

Most of the privacy goodies are hidden under Settings>Sync and Google Services.  The first stop should be Control how your browsing history is used to personalize Search, ads and more. Click on the little square next to this monster and you find the Activity Controls.

 

 

At first glance, all you see is Web & App Activity. Scroll down a bit and click the See all activity controls link to find the mother lode.

 

 

These settings determine how much functionality you want from Chrome vs how much data you want to keep from their prying eyes.  It may take a few tries to find the right balance for you. Don’t be afraid to turn on some controls. You can always turn them off if they are making your life difficult.  Personally I prefer to give them as little information as possible and find things on my own. I don’t like to be fed my content. You can stumble upon some pretty interesting stuff when you don’t have someone curating your content for you. However, that might not be your jam. Totally okay.

Further down the Sync and Google Services page, there are some other settings that you should check. Do you want to help Google be a better service, or send them your URLs or the text you type into the browser? Once again, try turning them off and see what happens to the functionality of Chrome.

Decide how you will be tracked

Cookies are used by websites to identify you for a variety of reasons. Some of them are useful like keeping track of what is in your shopping cart. Others are more concerning like tracking what you click on.  As with all browsers, Chrome lets you decide what types of cookies are okay and which are to be disabled or blocked.

Chrome’s cookie settings can be found in Settings>Cookies and other data. I do not recommend selecting Allow all cookies or Block all cookies. However, you may want to experiment with blocking third-party cookies.

Another setting you can consider is Send a “do not track” request with your browsing traffic. As it suggests, it simply sends a request to a website that you not be tracked. How they respond to the request depends on the website. However, I feel better knowing that I have at least asked for some privacy. The odds that they honor that request are probably pretty slim. There I go being all cynical again. Sorry, I slipped.

Cover your tracks

Your browsing history, including cookies, cached pages and autofill data, can be cleared out manually, or you can set it up to perform a cleaning at regular intervals. Ideally things should be cleaned out once a week; however, the best cleaning interval for you depends on how you work. Do be aware that if you clean out cookies regularly, it may mean you have to re-enter things on sites over and over again. As with the other settings, experiment with it to find what works best for you. You can find these settings under Settings>Clear Browsing data.

In conclusion

Even if you try out these settings and decide to not enable any of them, that’s perfectly okay.  The important thing is you are aware of them and know how to change them. You are taking control and making decisions about your privacy instead of having them made for you.

Unfortunately, account providers regularly change their privacy settings and Google is no different. The information in this article may be out of date in a week, a month or tomorrow. Therefore, I suggest that every quarter you take a look at your privacy settings and make sure they are still at a comfortable level. A little proactivity goes a long way when maintaining your privacy.

 

Criminals are creating look-alike MRU webpages – 04/23/20

 

We have been notified that cybercriminals have registered and are using the domain www.mroyalu.ca as well as several other look-alike domains. They are attempting to fool people into visiting their malicious websites.

While working from home, it is very important that you double check all links that you receive in emails and the sender’s email address.

If the link does not have mtroyal.ca, mru.ca, mrucougars.com or mymru.ca before the first single / in the URL, it is malicious.

Examples of legitimate URLs are:
mru.ca/cybersecurity
mru.ca/wellness
https://www.mtroyal.ca/AboutMountRoyal/WhyMRU/
https://www.mymru.ca/web/home-community

Examples of fraudulent URLs are:
https://www.mroyalu.ca/AboutMountRoyal/WhyMRU/
https://www.mymur.ca/web/home-community
https://www.my.mtroyal.ca/Home

Please do not let curiosity get the better of you and attempt to visit any of these fraudulent websites. They will harm your machine and/or steal your data.

If the sender’s email address ends in anything other than @mtroyal.ca, then it is malicious.

Examples of legitimate email addresses are:
bpasteris@mtroyal.ca
cybersecurity@mtroyal.ca

Examples of fraudulent email addresses are:
bpasteris.mtroyal.ca@gmail.com
bpasteris@mroyalu.ca
bpasteris@mtroyal.email.ca

Please be extra cautious at this time.
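
The two rules above, applied mechanically to the post's own examples. This is an added example, not MRU's tooling: the exact-host allowlist is an assumption built from the legitimate URLs listed above (which is why www.my.mtroyal.ca is rejected, as the post says it should be), and one From header is constructed.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Exact hostnames built from the post's legitimate examples (assumption: a real
# deployment would load the institution's full, maintained host inventory).
ALLOWED_HOSTS = {
    "mtroyal.ca", "www.mtroyal.ca", "mru.ca", "www.mru.ca",
    "mymru.ca", "www.mymru.ca", "mrucougars.com", "www.mrucougars.com",
}
ALLOWED_MAIL_DOMAIN = "mtroyal.ca"


def url_host(url):
    """Hostname of a link: the part before the first single '/', minus any port."""
    url = url.strip()
    if "://" not in url:
        url = "//" + url  # schemeless links such as mru.ca/wellness
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed authority section
        return ""
    return host.rstrip(".").lower()


def is_mru_link(url):
    """Exact match only: a substring or suffix test would pass look-alikes."""
    return url_host(url) in ALLOWED_HOSTS


def is_mru_sender(from_header):
    """True only when the address domain is exactly mtroyal.ca."""
    _display_name, address = parseaddr(from_header)
    local, at, domain = address.rpartition("@")
    return bool(local and at) and domain.rstrip(".").lower() == ALLOWED_MAIL_DOMAIN


# Examples from the post, plus one constructed From header with a display name.
LINKS = [
    "mru.ca/cybersecurity",
    "https://www.mtroyal.ca/AboutMountRoyal/WhyMRU/",
    "https://www.mroyalu.ca/AboutMountRoyal/WhyMRU/",
    "https://www.my.mtroyal.ca/Home",
]
SENDERS = [
    "cybersecurity@mtroyal.ca",
    "bpasteris@mtroyal.email.ca",
    "MRU Cybersecurity <bpasteris.mtroyal.ca@gmail.com>",  # constructed
]

if __name__ == "__main__":
    for link in LINKS:
        print("OK  " if is_mru_link(link) else "FAKE", link)
    for sender in SENDERS:
        print("OK  " if is_mru_sender(sender) else "FAKE", sender)
```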

Updated 04/27/20

 

No, Chrome doesn’t scan for viruses – 04/08/20

 

 

While it is a blessing that most of us are able to work from home, it has its downsides. One of those is the level of security on our home machines and networks. To take advantage of this less than ideal situation, cybercriminals are going into full swing. One of their favorite methods of attack is the compromised or malicious ad.

These ads can be placed on tons of web pages and appear to be like any other digital advertisement. However, they are far from benign. They contain malicious code that can do a variety of nasty things to your machine. Ransomware, key loggers and plain old viruses are just a few examples of the goodies these innocent looking adverts can hide.

The attack vector of choice is to have these lovelies display some sort of dialog box when you visit the site to get you to click and download malware. Some creative cyberthugs have come up with a rather clever twist to this tactic: a fake virus alert. That’s right folks, you visit a website and after a bit of browsing a dialog box appears telling you that you have no less than 5 viruses on your machine. Just to make it look all official, the dialog box appears to be coming from Chrome itself.

Here’s the thing: Chrome doesn’t scan for viruses, it is a browser. So if you are getting a virus alert from Chrome, it is definitely a scam. Close the browser and avoid the website. Stay alert out there. Use common sense and wash your hands.

 

Academic institutions targeted with malicious Chrome extension – 12/06/18

 

 

A phishing campaign has been targeting academic institutions. The phishing emails appear to come from a post-secondary institution and contain a link to a web page that hosts a harmless PDF. When the link is clicked, the user is asked to download the Font Manager extension in the Chrome Web Store.

Users that checked the reviews for the extension found lots of good reviews as well as a few bad ones. It turns out, the clever criminals copied reviews from other extensions to make the Font Manager look more legit and increase the chances people would download it.  The funny thing is they copied the bad reviews as well as the good ones.  For the most part the ruse worked with the extension being downloaded hundreds of times. Once downloaded the malicious extension logged keystrokes and allowed hackers to gain access to the network and desktops remotely.  Several universities have been compromised as a result.

The malicious extension was only discovered because the criminals blew it. University employees arrived in the morning to find their computers’ browsers opened to English-Korean translators and their keyboard switched to Korean. As the employees weren’t conducting research on Korean websites, they knew something was up. Had the hackers been more on the ball, who knows how long they would have retained network access.

The Font Manager has been removed from the Chrome Store. However, this is a gentle reminder to only download extensions that you know are safe and you absolutely must have.

 

 

Browser extensions cause of Facebook data breach – 11/05/18

 

 

The BBC Russian Service has found  data from 81 000 Facebook profiles sitting on the web. The data is apparently just a small sample of what was taken from 120 million accounts by a hacker selling his haul.  It is hard to know if 120 million profiles were indeed hacked or if the breach is limited to what is currently on display.  One would think that Facebook would notice 120 million profiles being accessed, so my guess is they don’t have much more than the small sample. After all, criminals aren’t known for their honesty.

Facebook is blaming malicious browser extensions. They are reporting that the extensions were monitoring users’ Facebook activity while shuttling personal information as well as private conversations to the hackers. The majority of information taken was from Ukrainian and Russian users; however, profiles from all over the world were also pilfered.

This is a reminder to be wary of browser extensions. As with apps, only download ones that:

  • You really need
  • Have good reviews
  • Have lots of downloads
  • Come from reputable sites

Malicious browser extensions can be very difficult to detect as extensions update automatically.  This allows hackers to create extensions that are harmless, until their first update. After that your handy extension starts doing all sorts of nasty things.

To reduce the risk, if you really need a particular browser extension consider disabling it when you aren’t using it.  Lastly once you no longer need the extension, remove it from your browser.

 

Adobe Flash update also installs malware – 10/17/18

 

 

Criminals have been disguising malware as Adobe Flash updates for a while now. They are quite fond of compromising a legitimate website with a fake update pop-up. Now there is a new twist on this old tactic. If you choose to install the fake update, it actually does update Adobe Flash; however, a cryptominer comes along for the ride.

Because the software does what it says it will do, most people don’t notice what is going on in the background. This allows the malware to go undetected. It isn’t until a few days or weeks have passed and the user finally gets fed up with their slow machine that the malware is discovered.

To avoid fake software updates, remember to visit the application’s site directly for downloads or select check for updates from the software’s menu. Those popups that appear while you are browsing are often loaded with malware.

 

Fake sites use HTTPS too – 10/04/18

 

 

As the holiday season approaches, people around the world are getting ready to cruise the internet looking for great gifts at bargain prices.  As you do your online holiday shopping, keep in mind that sites labeled HTTPS guarantee your data is encrypted as it is transmitted between your computer and the web.  It does not guarantee that the site is legitimate.

Criminals have gotten wise. They are now registering their fake web sites so they are tagged as HTTPS.  So now instead of having to worry about your credit card information being intercepted as you purchase the iPhone XS Max for the unbelievable price of $300.00 USD, you can be confident that only the scammer is receiving your data.

So how do you know that a site is legitimate? Stick with retailers that you have used in the past and access their web sites using a bookmark or search result.  If you receive an email with an offer, don’t use the link in the email.  Visit the website directly.

If you are using a new retailer:

  • Check reviews first.  Avoid retailers with large numbers of complaints that haven’t been resolved.
  • Always pay with a credit card or PayPal so you have a method of recourse should things go wrong.
  • Remember to read all the terms & conditions of sale.  Know if they have a return or exchange policy.

Lastly, remember…if it is too good to be true, it probably is a scam.

 

Hurricane Florence Relief Scams – 09/27/18

 

 

It is a sad reality, but when there is a disaster it doesn’t take long for criminals to find a way to profit.  Hurricane Florence is no exception.  There are numerous websites for hurricane Florence relief that have popped up in the last week.  All have very professional looking graphics and legitimate sounding names.  All of them allow you to donate directly from their web site. However, many of them are simply collecting money and putting it into their own pockets.

In addition to the “charity” websites, the bad guys are sending out phishing emails tugging at your heart strings and asking you to donate to hurricane Florence relief.  Just as you would with any other unsolicited email, don’t click on links or open attachments in these emails.  If you wish to donate, visit a charity’s website directly.

Not sure where to donate? Make sure you do your homework first. Charity Navigator is a terrific organization which investigates and rates charities. They have hundreds of charities listed on their website. You can see if the charity is legitimate and how much of their raised funds are given away and how much are used for administrative costs. With a little research you can make sure your good deed doesn’t turn into its own disaster. Happy donating!!

 

Just because a link looks safe, doesn’t mean it is – 09/07/18

 

 

For many of you, not clicking on email links is an obvious choice.  You wonderful folks are the ones who follow best practices and use a bookmark or browser search to access information given to you in an email.  However, there are braver souls out there who prefer to live on the wild side. They hover over links and then determine whether or not it is safe to click.

The argument I hear is… “I know the URL is correct, I have it memorized”. Here is the problem. Unicode is used to determine what character should be displayed in a field. It incorporates tons of different writing systems from various languages by giving each character of each language a different code. This is done even if they look the same to the naked eye. So an English “a” is considered to be a different character than a Cyrillic “a”, even though they look identical. This allows hackers to create fake websites with domain names that look official down to the last character. There is no way to tell by looking at them which one is legitimate.

The fun doesn’t stop there.  Even if our hacker isn’t sophisticated enough to use the Unicode trick, there are several letters on a keyboard that are extremely similar and can be confused for one another. For example, the letters “I” and “l” are two different letters on the keyboard but look almost identical on the screen.

As clever as the hover trick is, if your hacker is using any of these techniques, you will end up with a data breach.  To truly make sure you aren’t going somewhere you would rather not, stick with the bookmarks and browser search results. Those will take you to the right website every time.
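
What the eye misses in the two cases above (a Cyrillic letter in place of a Latin one, and “I” in place of “l”) can be made visible in code. The following is an added example, not from the original post: the confusables table is a small constructed subset, the hostnames tested are constructed, and the known-domain list reuses the MRU domains named earlier on this page.

```python
import unicodedata

# Domains this page names as legitimate.
KNOWN_DOMAINS = ("mtroyal.ca", "mru.ca", "mymru.ca", "mrucougars.com")

# Constructed, deliberately small confusables table (assumption: a production
# check would use the far larger list published by the Unicode Consortium).
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "I": "l",       # capital i shown where a lowercase L is expected
    "1": "l",
    "0": "o",
}


def scripts(host):
    """Writing systems of the letters in host, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in host if ch.isalpha()}


def skeleton(host):
    """Fold look-alike characters onto one representative, lower-casing the rest."""
    return "".join(CONFUSABLES.get(ch, ch.lower()) for ch in host)


def lookalike_of(host):
    """Return the known domain that host visually imitates, or None."""
    raw, folded = host.lower(), skeleton(host)
    for domain in KNOWN_DOMAINS:
        def under(name):
            return name == domain or name.endswith("." + domain)
        if under(folded) and not under(raw):
            return domain
    return None


def inspect_host(host):
    """Summarise what hovering over a link cannot show."""
    try:
        wire = host.encode("idna").decode("ascii")  # ASCII form used on the wire
    except UnicodeError:
        wire = None
    return {"scripts": scripts(host), "wire": wire, "lookalike_of": lookalike_of(host)}


if __name__ == "__main__":
    # Constructed hostnames: genuine, Cyrillic "o", capital "I" for "l".
    for name in ("www.mtroyal.ca", "www.mtr\u043eyal.ca", "mtroyaI.ca"):
        print(ascii(name), inspect_host(name))
```

A misspelled domain such as mroyalu.ca is not a character look-alike, so `lookalike_of` returns None for it; that case is caught by comparing the hostname against an exact allowlist.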