Cybersecurity Blog

Cyber Safety Summit 2018 – 04/23/18

The Cyber Safety Summit 2018 will be held on October 2, 2018 at the Lincoln Park room in the Main Building of Mount Royal University’s campus. The summit will include experts speaking on home security, social engineering, fraud protection and how to recover from a cyber attack. In addition, we are adding a new topic this year: protecting your privacy. Registration is free.

Spend the whole day with us or just come by for your favourite session. Either way you have the opportunity to hear from the experts themselves how to keep your family and home cyber safe.  Come with your questions and concerns, leave armed with the knowledge you need to keep hackers at bay.

Can’t attend the summit? We will be live streaming all sessions.  Visit the website to review last year’s program and to sign up for Summit updates.

Mark your calendars now!!  See you on October 2, 2018!!

 

Those cute quizzes are sucking up data about you – 04/11/18

 

With the fallout from Facebook’s poor choices continuing, this is a great time to remind everyone that big brother is always watching. As fun as those cute little quizzes are on social media, you could be giving hackers everything they need to impersonate you.

Quizzes that ask you the name of your first pet, what was the first car you drove and where you went to school are thinly disguised attempts at getting a hold of the answers to privacy questions.  Outside of privacy questions, even seemingly innocent information about your past can be used against you in the wrong hands.

When it comes to quizzes, just don’t. Your privacy is not worth a few moments of entertainment.

Criminals find a way around two step verification in Google – 04/11/18

 

Two step verification keeps criminals from accessing your account if your password is compromised. It is a great way to add an extra level of security to your accounts. However, enterprising criminals have found a way around it.

How did they do it?  Is there some back door that they found? Have they created a new brute force hack technique? Nope. They just ask for the verification code. Low tech social engineering strikes again.

Here is how it works. They send you a text that looks like it comes from Google notifying you of a password reset. If you don’t want your password reset, you are instructed to text the word STOP. Once you do, you are asked to text 822 back to be sent a verification code to stop the password reset.  Once you receive the verification code, they ask you to text them the code back to confirm that you don’t want the password reset.  Pretty clever huh?

Of course, what is happening is that they are trying to get into your account but can’t because they don’t have the verification code. By playing the stop-the-password-reset game, they are hoping to catch you off guard so you just send them the code.

For the record, no one will ask you if you don’t want to do something with your account.  As soon as someone asks you for confirmation to NOT do something, you know the jig is up.  This is just another reminder that we have to read our texts and emails carefully and question anything that seems odd. The criminals count on you to react without thinking. Stop them in their tracks, think before you react.

 

Beware, the locked browser tech support scam is back – 03/13/18

 

Malwarebytes has discovered an old tech scam that has resurfaced.  Hackers are compromising legitimate web sites. When you visit one of these sites, a pop-up appears on your computer telling you that you have a virus and you need to call a 1-800 number. To make it look like there is something wrong with your computer, the browser is locked and doesn’t respond to clicks.

If you call the number, you are asked to download diagnostic software that gives the hackers control of your computer. They then appear to find the virus on your machine and proceed with a hard sell trying to get you to pay to have it removed. In reality there is nothing wrong with your machine.

No software will magically detect issues on your computer without being installed. No browser can detect issues with your computer.  Microsoft does not send out alerts to let you know your computer is not working properly or has been compromised. Anytime you receive an alert of any kind with a support phone number, it is a scam.

The good news is, with this particular scam there is nothing wrong with your computer. All you need to do is shut down your browser through the Task Manager and everything goes back to normal. Just remember not to visit the same website again.

To shut down your browser in the Task Manager:

  1. Press CTRL + ALT + Delete 
  2. Select Start Task Manager
  3. On the Tasks tab, select your browser
  4. Click the End Task button.

Mount Royal Community Member gets fake CRA call – 03/09/18

 

One sure sign that spring is on its way…tax scammers pop up along with the tulips.  Although we are a ways away from enjoying the tulips, the scammers are out in full force. One Mount Royal employee came into work to find this on his voicemail.

Click the far left of the bar to listen to the voicemail message.

Pretty nasty huh? So how do you know this is a scam? Simple, the CRA will never phone you and threaten legal action or arrest. They will never send someone to your house to collect payment or to arrest you either. This was a voicemail, so it was easy to calmly listen to the message and analyze it to determine if it was legitimate.

What do you do if they have you on the phone and they are threatening you? The scammers can be very insistent and believable causing considerable stress and confusion. If you experience a call like that from the CRA, tell them you will call them back and hang up. You can then contact the CRA at 1-800-959-8281.  If there are any issues with your taxes, whoever answers the phone will be able to address them.

Watch out for phishing emails from the CRA as well. As I mentioned in a post last year, the CRA will never email you unless you have given them previous permission to do so and they will never send you an email with links unless you have specifically requested a document.

For more information on how to identify CRA fraud and protect yourself, visit the CRA website.

Payroll related phishing email making the rounds – 02/02/2018

Another day, another phishing attack making the rounds. The latest asks you to confirm your identity by clicking on a link and logging in. These emails often refer to issues with your paycheck or benefits that need to be resolved. Replying to one of these emails and asking for more information results in a very quick and convincing response assuring you everything is on the up and up.

If you ever receive an email asking you to use a link to log in to confirm your identity, close the email and log in to the site directly using a bookmark or Google search result. If the request is legitimate, you will be able to find it on the official web site. If you cannot find the information and are still not sure of the email’s legitimacy, contact them by phone or email using contact information taken from their official site. If you do determine that the email is a phish, forward it to abuse@mtroyal.ca and then report it as phishing to Google.

As always, if you are in doubt contact the IT Service Desk.

 

Watch out for PayPal “Failed Transaction” Emails – 12/05/17

 

With holiday shopping in full swing, cyber criminals have decided to roll out another PayPal phishing email campaign. This one notifies you that they were unable to verify your recent transaction.  With shoppers stressed to the max, the criminals are hoping that you won’t notice a generic salutation is used or that the email doesn’t come from PayPal.  Those who panic and click the Verify button/link are asked for their PayPal login credentials, all their personal information including their mother’s maiden name and their payment card information.

This is a reminder that an organization asking for information that they should already have is a big red flag that something isn’t right. Always visit an organization’s website directly when you receive an email from them that contains links or attachments. Any concerns with your account or transactions will be accessible from their official site. If you wish to contact the organization directly, use contact information found on their website, not in the email. Safe shopping!!

 

Threatening voicemail left at Mount Royal – 11/21/17

 

Yesterday one of our staff members checked her voicemail and found a nasty message from an “Officer” Robert William asking her or her attorney to call him immediately before “the legal situation unfolds”. Our quick thinking staff member Googled the number, 905-581-1528, and discovered that it was a phone scam.

Had she called them, she would have been asked for her personal information including her SIN. Armed with that info, the crooks would have applied for credit cards and loans in her name, leaving her on the hook for the payments. Only after months of paperwork and expensive legal fees would she have been able to clear her credit record and name.

This is just a reminder to never give out information people already should have, over the phone, in an email or text.  If someone calls you and tells you they are from your bank, a vendor, the CRA, RCMP or Calgary Police Service:

  1. Ask for their name.
  2. Tell them you will call them back.
  3. Call the organization’s switchboard directly using a number that you obtain from a Google search or that you have used before.
  4. Ask for the individual by name.

If they insist that the only way to reach them is through a number that they give you, you know that it is not a legitimate call. If they tell you that they may not be available when you call back, you should be able to have your account or file reviewed by someone else in the same department.

Remember, no legitimate agency threatens legal action over the phone.

Scary New Phishing Attack is Hard to Detect – 11/15/17

 

The latest phishing attack uses an email that appears to come from someone you know and appears to be a reply to a previous message. This makes it very hard to detect. The body of the message asks the user to open a Word attachment that contains instructions on how to enable Word content.

Of course if you follow the instructions, a banking trojan is downloaded onto your computer that can steal your banking credentials, record your key strokes, take a screen shot capture, etc.

This is a reminder to NEVER enable the use of macros in Word documents. If you receive a Word document that asks you to enable editing, enable content or enable a macro, call the sender to verify that the email is legitimate and the attachment is safe.

Anatomy of a Ransomware Attack – 03/14/17

Your stereotypical hacker used to be an overweight manchild living in his parents’ basement. Nowadays, however, a hacker can be working for a large organization making billions a year. Hacking has become big business with ransomware offering hackers the ability to make lots of money quickly and easily. Every day you are hearing about companies and organizations being brought to their knees by a cyber attack. Just how do hackers do it? How do they manage to get through the latest firewalls, anti-virus software and network security protocols to breach some of the highest levels of security found on the planet? Watch the video and find out.