Cybersecurity Blog

Smishing attack thwarted by faculty member – 03/14/2023

 

It was just after 11:00 AM on a Friday when Kelly Sundberg received this text message.

 

 

This was an odd request, as the text was coming to Kelly’s personal phone. However, if something was urgent, maybe it was Tim texting him. What Kelly did next saved him from being scammed out of thousands of dollars: he contacted the President’s office and asked if it really was Tim that had texted him.

As it turns out, Tim wasn’t even in the city. The text had definitely not come from him. It had come from a scammer whose next move would have been to convince him to purchase gift cards as rewards for hard-working colleagues.

Before you say, “I would never fall for that scam”, know that more than one person on campus has. It isn’t because they are stupid or because they didn’t take their cybersecurity awareness training. They became victims because the attackers are just that good at confusing you, creating urgency and getting you to react instead of think.

Kelly did two very important things right. First, he stopped and let his rational thought kick in before he took action. As a result, the attackers did not have a chance to confuse or manipulate him. Second, he followed the guidelines in the cybersecurity awareness training: verify before you take action.

No matter how certain you are that a text or email is coming from your boss, if an unexpected request is made, call the sender and make sure the message actually came from them. That one step saved Kelly; it could save you too.

 

Scam calls now appear to come from an MRU phone number – 02/02/2023

 

 

Previously, I had written a blog article warning about callers impersonating Visa and asking for your credit card information. The scam has evolved and is now more sophisticated. Employees on campus are receiving calls that appear to come from an MRU phone number stating there is an issue with purchases on their P card.

As with the Visa scam, the attackers ask for your P card information to confirm who you are.  No one who has a legitimate reason to check your P card purchases will call YOU and ask YOU to confirm YOUR identity. Neither will they ask for any information on the card.

If someone calls you asking for this information, please hang up. If you have received this type of call and have given out card information, please contact Finance immediately and let them know.

Regardless of whether you have received one of these calls or not, check for fraudulent transactions on your P card regularly. Quick action minimizes the damage a scammer can do.

Scammers calling MRU phone numbers pretending to be Visa – 01/20/2023

 

 

It has been a busy few weeks for the IT Security Team. The campus has been targeted by various attackers, keeping all of us on our toes. In the latest run of attacks, we have seen scammers move away from email and switch to an old-fashioned phone call.

In this attack, they call pretending to be from Visa. They explain there is an issue with your account and then ask you to give them information about your credit card to verify your identity. No organization will call you and then ask you to verify your identity.

If you ever receive a phone call from your bank or from your credit card company and you are unsure if it is them, politely tell them you will call them back. Hang up and contact them using a phone number that you know is legitimate. When you make this call they will of course ask you questions to verify your identity. This is to be expected because YOU have called THEM.

Stay alert and stay safe. It is getting nasty out there.

Scammers use subscription renewals to trick you into downloading malware – 08/03/21

 

A social engineering tactic dubbed Bazacall is making a resurgence. This attack method first appeared in March 2021. It starts with an email that arrives in your inbox. The attackers use a variety of scenarios; however, all encourage you to phone a number to resolve an issue. Their favorites appear to be notifying you that a subscription is going to be renewed or that a free trial is over. Details on the nature of that subscription are often left out, making it more likely that you will call to clear things up.

When you call, the “customer service rep” on the phone directs you to a very realistic website. Sometimes these websites are spoofed sites of real businesses; other times the businesses are completely fictitious. Once you are at the website, they walk you through the steps to cancel the subscription, telling you what to click. Everything seems perfectly legitimate until you reach the final step. The last click on the website opens an Excel file that asks you to enable Macros. If you continue to follow the instructions of the “rep”, the malware is downloaded and installed on your computer. The type of malware varies, but typically it gives remote access to your machine, allowing the attackers to gain access to other devices on the network.

This phishing attack method is particularly dangerous as the email doesn’t contain any attachments or links, which allows it to pass through inbox filters. In addition, when you open it, it looks official and innocent. After all, what can happen if you just call to cancel a subscription that you don’t want? However, once you call, the “rep” is very good at social engineering. He or she develops trust and insists that this is the only way to ensure the charge doesn’t appear on your credit card.

The best way to defend yourself against this type of attack is to recognize that emails with vague information about a subscription being renewed are malicious. Thankfully with this attack you have a second chance to defend yourself. You can refuse to enable Macros when asked.  Remember to use your common sense and don’t let yourself be bullied. There is no justification for enabling Excel Macros to cancel a subscription.  If it doesn’t make sense, hang up.

 

MRU community hit by tech support scam – 04/29/21

 

The tech support scam is back. This week an MRU community member had a virus warning pop up on their screen while they were working. The virus warning listed a phone number and appeared to come from Microsoft.

The individual phoned the Service Desk. However, when they couldn’t get through they called the ‘Microsoft’ number in the pop up.  The fake Microsoft rep hung up on them when the caller didn’t provide the rep with the information they were looking for.  Our MRU community member avoided being scammed simply by not being cooperative.  However, had they been dealing with a more patient scammer, this could have gone very wrong very quickly.

This is a reminder: if you see a dialog box with a virus warning and a phone number, it is a scam. Most likely there is no virus on your machine. Instead, the website that you have visited has been compromised by a hacker to display a fake virus warning to anyone who views it. If this happens to you, close your browser and then open it again. Do not close the pop up. Do not visit that website again.

If you are concerned that your MRU-issued device may have a virus, contact the Service Desk. Be patient, they will get back to you. If it is your personal device you are concerned about, run a virus scan. If something appears to be amiss and the virus scan does not find anything, take your device to a repair shop to have it checked.

 

 

No, that isn’t your supervisor asking for your cell phone number – 04/09/20

 

This week has been a busy one for the security team. We have been slammed with a new phishing tactic: requests for cell phone numbers. Campus inboxes are receiving emails that appear to be coming from a supervisor. They look like this.

 

 

While this one contains a misspelled word, others look perfectly legit. The only clue is the weird sender email address.

Why do they want your cell phone number? Lots of reasons. First of all they can take your phone number and connect it to your email address which helps build out your data profile so advertisers can more easily target you with ads. Advertisers pay a premium for complete data profiles.

But the benefits don’t stop there. If they have your phone number, know where you work, have an email address and your name, they have enough information to impersonate you with your cell phone provider.  If the customer service agent that answers the call doesn’t follow proper procedures, the scammer can port your number to a different carrier or disable your SIM card and get a new one. Either way you lose control of your phone number and the criminal now has access to everything that uses your phone number for confirmation.  One MRU employee has already found out how damaging this type of attack can be.

Lastly, they can send you lovely text messages containing links that appear to come from your bank, include offers for free stuff or opportunities to enter a contest. Clicking on these links loads malware onto your device designed to steal passwords, contacts and data.

Your best defense against this type of attack is to read the sender’s email address before you read the body of the message. If you see that the email is not from a Mount Royal account, you can delete the message before your emotions are triggered by the email content.

If you aren’t sure if an email is legit, you can check the Phish Bowl to see if it is listed there or you can forward the email to abuse@mtroyal.ca. If you find a phishing email, don’t forget to report it by clicking the PhishAlarm button or forwarding it to cybersecurity@mtroyal.ca so we can warn your colleagues.

Updated 05/29/20