Cybersecurity Blog

Scammers calling MRU phone numbers pretending to be Visa – 01/20/2023

 

 

It has been a busy few weeks for the IT Security Team. The campus has been targeted by various attackers, keeping all of us on our toes. In the latest run of attacks we have seen scammers move away from email and switch to an old-fashioned phone call.

In this attack, they call pretending to be from Visa. They explain there is an issue with your account and then ask you to give them information about your credit card to verify your identity. No legitimate organization will call you and then ask you to verify your identity.

If you ever receive a phone call from your bank or from your credit card company and you are unsure if it is them, politely tell them you will call them back. Hang up and contact them using a phone number that you know is legitimate. When you make this call they will of course ask you questions to verify your identity. This is to be expected because YOU have called THEM.

Stay alert and stay safe. It is getting nasty out there.

Checking an email? Get a bigger screen – 12/08/2023

Updated 07/18/2023

 

Phishing emails are the bane of our existence. They take our precious time as we slow down to take a close look and make sure that email from our colleague is really coming from our colleague.  This whole experience is a lot more challenging when we are attempting to do our analysis on a smartphone.

While reading an email on our phone is perfectly harmless, things can become dangerous when the email asks us to take action. To click or not to click? Do we send the requested information or not?  How is one to know when it is hard to see the link URL or sender’s email address on that small screen?

It is so challenging to spot a malicious email on a phone that even IT professionals get tricked. That’s right … Information Technology professionals get tricked. The people in IT who get tricked repeatedly are ALL trying to see phishing red flags on a smartphone screen and failing.

The next time you read an email on your phone that has a link, contains an attachment or is asking for sensitive information, mark it unread. When you are able to view it on a larger screen, reread it: look at the sender’s email address, hover over the links and check the grammar. While taking the extra time is inconvenient, it is far less painful than losing half a day of work while you factory reset your phone or deal with the fallout of a data breach.

Emails that appear to come from MRU can be malicious – 11/30/2022

 

Bad actors are finding more sophisticated ways to impersonate email addresses and gain access to systems.  While many phishing attempts come from outside e-mail accounts, it is also possible that you may receive a phishing attempt originating from or forwarded from an email that has a “@mtroyal.ca” suffix.
If you receive an email originating from a mtroyal.ca email address that feels suspicious, there are a few ways that you can confirm whether the email is legitimate. Is the email from the @mtroyal.ca email account that the sender normally uses? If not, look up the sender in the internal directory, call them using the phone number in the directory and ask them if they sent the note. Do not use the number provided in the suspicious e-mail.
If you are still unsure, report the email to the IT Security team by using the PhishAlarm button or forwarding the email to cybersecurity@mtroyal.ca.

MRU slammed with fake Geek Squad subscription renewals – 11/25/2022

 

 

We have seen them before: the fake subscription renewals that arrive with the fake invoice attached. The hope is we will panic and call to cancel. When we do, they attempt to convince us that they over-refunded us by thousands and demand we pay it back, or they try to get us to install software on our machine so they can issue the refund. The result is an empty bank account, malware on your machine or both.

This week some very lazy attackers hit the campus with hundreds of these emails with various subject lines that all included the same fake Best Buy – Geek Squad subscription renewal invoice. I say they were lazy because the majority of them contained messages with no more than a word or two. Inboxes across the University were hit, many with several different versions of the same email.

I am delighted to report that instead of being taken in by these emails, dozens of people reported them. Our cybersecurity inbox was slammed and more reports keep coming in. Thank you to everyone who gave us a heads up.  Keep up the great work!

 

What to do about those annoying pop-ups

 

 

It has happened to everyone: you visit a website and then shortly one or more pop-ups show up on your screen. Admittedly, with the availability of popup blockers this happens a lot less than it used to. However, it still happens. Those popups are not just annoying, they are often dangerous. Cyberattackers use them to trick us into downloading malware onto our machines.

While there are many ways attackers try to trick us, they have two favourite methods. The first is to fill the popups with pornography. There is nothing more horrifying than having naked people flash on your screen, especially when you are at work. The idea is to make you panic so you will click on the X in the popup window to close it. It can be very effective. Anyone in that situation would do exactly as the attackers want and click to close the offending windows as quickly as possible. Unfortunately, once you click you download malware onto your computer.

The second method they like to use is the fake virus alert. The popups appear with flashing red text and flashing arrows directing you to click to remove a virus that they have detected on your machine. They are playing everyone’s worst nightmare in technicolor. It is understandable if someone panics and clicks. However, as before, once you do, malware is loaded onto your machine.

The terrifying thing is popups can show up anywhere, not just on dodgy sites you have never visited. Legitimate websites can also be compromised by attackers. One day you are checking the Daily Kitty with no issues, the next day you visit and obscene images fill your screen.

The good news is, there is an easy way to get rid of the unexpected popups without downloading malware. The next time your screen comes alive with dozens of panic-inducing popups, just close your browser. Don’t click on anything inside the browser window, just click the little x on the browser window itself and close the thing. Once the browser is closed, the problem is gone.

To make sure it doesn’t reoccur, don’t visit the website that you were on again.  As long as you close the browser window and not the popup window, no harm is done. Even better, nothing else needs to be done. No report needs to be made to IT. You don’t have to scan your machine for viruses.  You don’t have to spend the day wringing your hands hoping that you didn’t mess up. You can just enjoy the rest of your day in blissful serenity knowing that you stopped the criminals in their tracks.

 

Campus flooded with fake ITS email notifications – 11/01/2022

 

While the trick-or-treaters were out collecting candy, cyberattackers hit the campus looking for their own treats…MRU login credentials. Over a thousand emails flooded campus inboxes. While the email subjects were varied, the contents were the same.

 

 

This email has two big red flags: the generic sending email address and the link that goes to a Jotform. While Jotform is a legitimate service used to create forms, much like Google Forms, the use of the form was far from legitimate. If you clicked the link you would be told that to access the pending emails, you would have to enter your MRU email credentials into the form. Once you do, the attackers have your credentials.

Of course, as MFA is enabled on your account, they can’t just enter your stolen password and gain access to your email. They need to bypass the MFA. The most popular method at the moment is to bombard you endlessly with MFA prompts by repeatedly signing into your email. The hope is that you will get tired of being prompted and tap “Yes it is me” just to get the prompts to end. Some people finally give in.

I am proud to say that once these emails hit inboxes, the cybersecurity email was flooded with reports. Many of those reports included appreciation for the cybersecurity awareness training that prepared them for the attack.  Well done everyone!  Well done.

 

Password managers the secret weapon against cybercrime – 09/01/22

 

 

Passwords, they are our saviors keeping our data safe while at the same time they are our oppressors clogging our brains and stressing us out. We know we should have long, complicated passwords and that we shouldn’t reuse them. However, who has the time to be that creative every time you sign up for a new service, never mind being able to memorize them all? It isn’t surprising that password reuse is as common as grilled cheese.

Attackers know that, which is why credential stuffing is one of their favorite attack methods. It takes little skill and effort. Just go on the dark web and find a list of stolen credentials, plug them into a software program and let it run. After a few minutes you have a whole list of websites that you can log in to hassle free. You don’t even have to buy stolen credentials anymore. Over a hundred of them are just sitting there, free for the taking.

Thankfully there is a way to have long, strong unique passwords for every service without losing your mind. This magical tool even logs in for you, saving you valuable time and effort.  The best part is you only have to create and remember one password. Yup, only one, the one to gain access to the tool. After that, this gift from the Gods creates passwords for you. They are long, complicated monsters that would take years to brute force hack. They would be impossible for a human mind to remember, but this genius of an application does it for you.

What is this mythical piece of software? It is a password manager. In the past they have been known for their ability to effortlessly store passwords, however their other skills are largely unknown. They are your secret weapon against credential stuffing.

There are many, many types of password managers. On workstations across campus you can find KeePass. While functional, it doesn’t look very user friendly and it strikes terror into the hearts of most. All it takes to tame the beast is a quick training session. However, for those less adventurous there are alternatives. The one we recommend is Bitwarden. It uses a browser extension to enable functionality and offers a full range of features for free.

If you aren’t sure if Bitwarden is for you, PC Magazine does a great job of reviewing the most popular password managers every year. All of them allow you to use them for free for at least a week before you buy. I suggest picking three and trying them out one at a time. It works best if you only enter your login credentials for your most used services. That way you don’t invest a lot of time into a tool that you decide you don’t want to use later on.

Which password manager is the best? The one that you use. Each one has its own quirks and features. Some you may like, others you may not. If you don’t use the tool, then it isn’t the right one for you. That is why I recommend giving a few of them a try. Ideally you want to find one that fits in so seamlessly with your work that you barely notice it is there.

New cybersecurity awareness training launching soon – 06/29/22

 

 

It is that time again. One training year closes and another begins.  June 30 is the training deadline for this year’s courses. I am pleased to say that 74% of registrants have already completed the training. If those who are currently working on courses finish up, that will give us a record 79% completion rate.  Whooo hooo!!! I am confident that you won’t let me down and you will pop back in to complete those last few modules.

Unfortunately we have fewer people finishing the pretest. Only 70% have completed it. Luckily, the majority of those who do have not been assigned training. When training is assigned, typically only two modules must be completed. That means the odds are, it will only take you 20 to 30 minutes to complete your annual training! Set aside a little time to finish this up and prove how effective the pretest program is. Keep in mind while the deadline was June 29, the Security Education Platform will allow you to access the pretest and assigned training until July 29, 2022. So it isn’t too late to get it done!

In the beginning of July a new round of training will launch.  Watch for the email notifications to arrive in your inbox. Remember, current employees have a whole year to complete their training. Please don’t angry email me that you just finished your training and don’t know why you have to take more.  New hires aren’t so lucky. They have only 60 days to complete their training. It works best if you spread the training out instead of completing it all in one sitting.

This year registration for new hires into the Security Education Platform will be automatic as will enrollment in the new hire training.  This is wonderful news as neither you nor any of your new hires will have to fill out the registration form. The training notification will automatically arrive in their inbox. They can get started on their training right away without any help from you. Yaaayyy!! Unfortunately if they handle payment card data, they will still have to register for PCI training. Sorry, it can’t all be good news.

There will once again be a pretest for all current employees. This year, it will be a tad shorter, 22 instead of 33 questions.  Yaayyyy!! Some more good news.  Once again, there will be additional training for those of you considered to be high value targets. The training is very specific to your role and you will find it more helpful than annoying. At least that is the hope.

In addition to new training, we also have a new system in place to keep user profiles up to date. This should result in far fewer people getting training notifications after they have left MRU. As well, supervisors should find that the training status reports for their teams will be more accurate. Another win!

Lastly, the Cyber Guys videos will take a short break over July and return again in August. They have been busy and we have a whole new crop of ridiculously funny reminders on how to stay cybersafe for the new year. Thank all of you for the positive feedback. I am delighted that you have found them as entertaining as I have.

A big thank you to everyone who has set aside precious time in their schedule to complete their training.  You have invested in the safety of your home, family and colleagues. While the training doesn’t always seem beneficial, sometime in the future you will be thankful that you took the time to learn how to identify and thwart a cyberattack.

 

Chrome’s latest update includes a confusing pop up – 06/01/22

 

Chrome has been updated. As part of the update, a pop up appears when you log in.

 

 

This pop up is simply reminding you that Mount Royal University is managing your MRU Workspace account and that we have access to it. This new pop up is part of Google’s new privacy features. There haven’t been any changes to your account; the University has always had access to it. The pop up isn’t malicious and your computer has not been hacked.

Click to select Keep local browsing data to save your current bookmarks. Then click the Continue button to close the pop up and use Chrome/Google Workspace as usual.

Innocent looking webpage hides malware – A true story – 05/25/22

 


 

It was just another day for an MRU staffer. He was fielding calls and sorting through emails when he received an invite to a conference. He just needed to double check the session time. However, it was listed with a different time zone than his. It was early in the morning and his brain wasn’t fully functioning so he was unable to convert the time in his head. He Googled “time zone converter” and clicked the first link listed in the search results.

As soon as the webpage loaded, mayhem erupted on his computer. Three hundred and seventy-four pop-ups appeared. Big scary alerts with flashing arrows pointing to a button said he had a virus. Click here said the button to remove the virus. You must click NOW flashed across the screen. Everything that could light up and flash was lit up and flashing. His computer screen looked like a slot machine that was about to pay out, only this payout was malware not money.

He started to panic. He thought, “What do I do, what do I do? What did Bernadette say to do in training?” Then he remembered the first step.

Don’t touch anything

“Okay”, he thought, “I won’t touch anything. What did she say to do next?”

Disconnect from the Internet

“Right.” He dug around behind his computer and yanked the network cable out from the back of it. “Okay, what is next?”

Contact the IT Service Desk

He picked up the phone and called the Service Desk. It took almost no time at all and a technician was there checking his computer. Thankfully, there was no harm done. Because he had followed his training and did not click on anything on the webpage the malware was never loaded onto his machine.

He was immediately grateful for the training he received. Had he forgotten to not touch anything on the screen, he would have lost a lot of his day and his data, getting his computer reimaged.  While he knew the training was helpful, he didn’t realize just how much until he found himself experiencing a cyberattack. He was so glad he had taken his annual training. He was never going to consider it a waste of time again.