Security News and Alerts

DDE Attack

You may or may not be aware of a new type of attack called a DDE attack: a way of launching malware from a web download, an email attachment, or even directly from the body of an Outlook email message or calendar invite.

Just say no

Attachments, emails and calendar invites pop up two giveaway warning dialogs before triggering a DDEAUTO attack; if you say "No" at either dialog, you prevent the attack.

First, you’ll see a warning like this when DDE is used:

[Image: the first DDE warning dialog]

Clicking “No” will stop a DDE attack from running.

If you click "Yes" at the first dialog, you will see a second dialog warning that a command is about to be run (the text in parentheses and the program names referenced at the end will vary):

[Image: the second DDE warning dialog]

Again, clicking “No” will stop the attack.
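The DDEAUTO field that produces these dialogs is an ordinary Word field code stored in the document's XML, so an incoming attachment can be checked for it before anyone sees a prompt. The scanner below is an added example, not part of the original alert; it runs over a constructed minimal .docx whose program and argument text are placeholders.

```python
import io
import re
import zipfile

# Constructed sample: a minimal .docx (a ZIP archive of XML parts) whose body
# carries one DDEAUTO field. The program and arguments are placeholders, not a
# real command. The instruction is split across two <w:instrText> runs, as
# Word field instructions can be, so a single-run search would miss it.
DOCUMENT_XML = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">
<w:body>
<w:p><w:r><w:t>Quarterly report</w:t></w:r></w:p>
<w:p>
<w:r><w:fldChar w:fldCharType="begin"/></w:r>
<w:r><w:instrText xml:space="preserve"> DDE</w:instrText></w:r>
<w:r><w:instrText xml:space="preserve">AUTO placeholder-program "placeholder-args" </w:instrText></w:r>
<w:r><w:fldChar w:fldCharType="end"/></w:r>
</w:p>
</w:body>
</w:document>
"""

def build_sample_docx() -> bytes:
    """Pack the constructed document.xml into an in-memory .docx container."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("word/document.xml", DOCUMENT_XML)
    return buf.getvalue()

# Field instructions live in <w:instrText> runs (complex fields, possibly split
# over several runs) or in the w:instr attribute of <w:fldSimple>. A regex scan
# keeps this self-contained; a gateway scanner would use a real XML parser.
INSTR_TEXT = re.compile(r"<w:instrText[^>]*>(.*?)</w:instrText>", re.S)
FLD_SIMPLE = re.compile(r'<w:fldSimple[^>]*\bw:instr="([^"]*)"')
FLD_BEGIN = re.compile(r'<w:fldChar\b[^>]*w:fldCharType="begin"')
DDE_FIELD = re.compile(r"^\s*DDE(AUTO)?\b", re.I)

def field_instructions(xml: str):
    """Yield each field instruction in a WordprocessingML part, rejoining
    instruction text that was split across runs within one complex field."""
    for chunk in FLD_BEGIN.split(xml)[1:]:  # one chunk per complex field
        pieces = INSTR_TEXT.findall(chunk)
        if pieces:
            yield "".join(pieces).strip()
    for instr in FLD_SIMPLE.findall(xml):
        yield instr.strip()

def find_dde_fields(docx_bytes: bytes):
    """Return (part name, instruction) for every DDE/DDEAUTO field in any XML
    part under word/ (body, headers, footers, ...)."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if name.startswith("word/") and name.endswith(".xml"):
                xml = zf.read(name).decode("utf-8", errors="replace")
                hits += [(name, i) for i in field_instructions(xml)
                         if DDE_FIELD.match(i)]
    return hits

if __name__ == "__main__":
    for part, instr in find_dde_fields(build_sample_docx()):
        print(f"{part}: {instr}")
```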

For more information, please refer to the following page and video:

https://nakedsecurity.sophos.com/2017/10/22/office-dde-attack-works-in-outlook-too-heres-what-to-do/

Phishing Scam Alert: OneClass Chrome Extension

Be on alert for the OneClass Chrome Extension. It is a phishing scam: once the extension is installed, it attempts to send email on behalf of the user and to collect Campus-Wide Login (CWL) credentials.

How the phishing works:

Students will receive an email that includes a link to install the OneClass Chrome Extension. During the installation, the user is prompted to accept the permission "Read and change all your data on the websites you visit." If the user accepts, a button is created within Connect pages to "Invite your Classmates to OneClass."

The extension will also attempt to send an email to everyone in the user's class to promote the OneClass plugin. The plugin contains code that attempts to collect user credentials (CWL username and password).

A copy of the phishing email is below:

“Hey guys, I just found some really helpful notes for the upcoming exams for <University Name> courses at <URL removed by UBC Information Security>.  I highly recommend signing up for an account now that way your first download is free!”

 

If you receive this phishing email, do not install the extension or click on any links in the email. Please delete the email.

If you have already installed the extension, follow the instructions below to remove it:

  1. Open up your Chrome Browser
  2. Select the 3 vertical dots in the top right-hand corner
  3. Select Settings
  4. Select Extensions in the top left-hand corner
  5. Click the Trashcan beside the “OneClass Easy Invite” extension
  6. Select Remove on the Confirm Removal Popup
  7. Close all Chrome windows and go back to the Extensions page to verify the extension has been removed (Steps 1-4)

 

Once you have removed this extension, please go to webadvisor.nipissingu.ca to reset your Nipissing CWL password.

If you have any questions, please contact techserv@nipissingu.ca

Cyber Security Reminder - Be conscious of new phishing attempts

There have been reports of increased email phishing attacks on Canadian Universities. Please take extra care to verify the authenticity of any email asking for personal information or wanting you to click on a link. If in any doubt please call the Nipissing UTS Helpdesk at x4342 or email techsrv@nipissingu.ca

  1. Faculty members are being impersonated; the messages, which are somewhat 'context appropriate', direct a number of recipients to a download link to pick up a document.

  2. Staff and Faculty are being targeted by unknown malefactors in a University Employee Payroll Scam.  This scam has already made its rounds in the United States and is now targeting Canadian Universities.

    Details:
    University employees are receiving fraudulent e-mails indicating a change in their human resource status. The e-mail contains a link directing the employee to login to their human resources website to identify this change. The website provided appears very similar to the legitimate site in an effort to steal the employee’s credentials. Once the employee enters his/her login information, the scammer takes that information and signs into the employee’s official human resources account to change the employee’s direct deposit information. This redirects the employee’s paycheck to the bank account of another individual involved in the scam.

    Consequences of this Scam:

    • The employee’s paycheck can be stolen.
    • The money may not be returned in full to the employee.
    • The scammers can take the employee’s log-in credentials and attempt to log into other accounts that belong to the employee.
  3. Students are being victimized by the 'Work-from-Home' scam, which asks students to set up a bank account (on behalf of the malefactor) and send the details away. The accounts are used to transfer money, and the victims are responsible for the financial liabilities. This scam is a form of identity theft.

World Backup Day - March 31st

World Backup Day is a global initiative to remind and teach people to properly and safely back up their files. At Nipissing University, our shared and home directories are backed up daily to keep all our hard work safe.

For your personal documents and family photos, you may find the information at worldbackupday.com helpful. No matter which method you choose, we recommend you use strong passphrases to secure all your information.

Virus-Hoax-Spam - Fw - new message

Some of you may have received an email message from "Student Involvement" with the subject line Fw: new message. The message asks you to click the link provided to open a message. THIS IS A HOAX.

Never respond to emails, open attachments, or click on links from suspicious or unknown senders asking for personal information.

Always remember that UTS will never send you unsolicited emails asking for confidential information, such as your password or account details. We will never ask you to validate or restore your account access through email or pop-up windows.

If you have entered personal information after clicking on a link or suspect fraudulent behavior, please call the Help Desk immediately at 4342.

Spam Alert - IT Service Email

The email many of us received this morning, titled "IT Service" and asking you to verify your account, is not a legitimate request from UTS. Please do not respond to or follow any links in this or similar messages.

UTS will never send you unsolicited emails asking for confidential information, such as your password or account details. We will never ask you to validate or restore your account access through email or pop-up windows.

If you have entered personal information after clicking on a link or suspect fraudulent behavior, please call the Help Desk immediately at 4342.

Warning - Text-Sms Phishing

Some members of the Nipissing University community have reported that they have received phishing scams as text messages. Please exercise the same caution you would with your email when you receive texts with links claiming to be from banks or other service providers. When in doubt, contact the organization using trusted contact information from the official source to verify the message is legitimate. 

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.

Virus-Hoax-Spam - New Message Emails

Some of you may have received an email message from a colleague with the subject line Fw: new message. The message states "new message, please read" and provides a link.

Never respond to emails, open attachments, or click on links from suspicious or unknown senders asking for personal information.

Remember that UTS will never send you unsolicited emails asking for confidential information, such as your password or account details. We will never ask you to validate or restore your account access through email or pop-up windows. 

If you have entered personal information after clicking on a link or suspect fraudulent behaviour, please contact the Technology Services Desk immediately.

Virus-Hoax-Spam - Important

Some of you may have received an email message from a colleague with the subject line IMPORTANT. The message asks you to follow a link to view your message.

Never respond to emails, open attachments, or click on links from suspicious or unknown senders asking for personal information.

Remember that UTS will never send you unsolicited emails asking for confidential information, such as your password or account details. We will never ask you to validate or restore your account access through email or pop-up windows.

If you have entered personal information after clicking on a link or suspect fraudulent behavior, please contact the Technology Services Desk immediately.

Important Password Information

This is a reminder that you should NEVER use the same password on more than one website or service. This is especially important with your email password. 

There have been several instances recently where users used their email address and email password to log in to a third-party website, thereby giving both the website operators and any potential hackers access to their email and everything in it, including banking/credit card information, passwords to other services, and other personal data.

We strongly recommend that you change your email password as soon as possible and on a regular basis. This applies to all onsite passwords.

Security Reminder - Username and Password

The use of the same login name and password for access to different accounts and websites is strongly discouraged. If a website that you visit is compromised, the attacker will have access to the login names and passwords that were used. 

If this website's login name was your email address, the attacker now has that piece of information. If you used the same password as your email account, the attacker now has access to your email account, all the personal information contained within, and even the ability to reset passwords for other sites.

There are several secure password apps available that do a good job of tracking and securely saving login names and passwords. A search of the App Store will give you some to research. We recommend: Keeper Password Manager & Digital Vault by Callpod. We will follow up with a more detailed message on this type of app.

For added security on your Nipissing email account, consider enabling 2-step verification. 2-Step Verification adds an extra layer of security to your Google Account, drastically reducing the chances of having the personal information in your account stolen. To break into an account with 2-Step Verification, one would not only have to know your username and password, they would also have to have your mobile phone.  

Learn more about 2-step verification here: https://support.google.com/accounts/answer/180744?hl=en. You can set it up yourself, or we can help you.

Virus-Hoax - CIBC - Customer Documents

Some of you may have received an email message from "Harry Culham" (Harry.Culham@cibc.com) with the subject line CIBC Customer Documents. The message states that you can view/print your notice of documents. THIS IS A HOAX.

Never respond to emails, open attachments, or click on links from suspicious or unknown senders asking for personal information.

Always remember that UTS will never send you unsolicited emails asking for confidential information, such as your password or account details. We will never ask you to validate or restore your account access through email or pop-up windows.

NU Online Security - Canadian Banks Targeted by Malware

Dear Nipissing Community,

Canadian banks have recently become a popular target for online fraud. Please consider the following when banking online:

If you feel that you have been a victim of an online scam, contact the appropriate authorities.

Warning - University Employee Payroll Scam

The Canadian Cyber Incident Response Centre (A division of Public Safety Canada) has sent us the following warning:  

The Internet Crime Complaint Center (IC3) has issued an alert addressing a spear phishing scam targeting university employees and their payroll accounts. Scam operators use fraudulent emails and websites to entice employees to reveal login credentials.

If you believe that you have been victimized by this scam, we recommend filing a report with your local law enforcement agency and changing all your Nipissing passphrases. UTS will never send you unsolicited emails asking for confidential information, such as your password or account details. We will never ask you to validate or restore your account access through email or pop-up windows.

If you have entered personal information after clicking on a link or suspect fraudulent behaviour, please call the Help Desk immediately at 4342.

Hoax

Some of you may have received an email message from Administrator <amturner@mail.fhsu.edu> with the subject line "System Upgrade - Verify Your Email Account", or from Technical Support <flb@choiceonemail.com> with the subject line "Suspicious Login Detected?". These messages state that you need to confirm your identity by replying to an email address. THIS IS A HOAX.

Never respond to emails, open attachments, or click on links from suspicious or unknown senders asking for personal information.

Always remember that UTS will never send you unsolicited emails asking for confidential information, such as your password or account details. We will never ask you to validate or restore your account access through email or pop-up windows.

If you have entered personal information after clicking on a link or suspect fraudulent behaviour, please call ext. 4342 immediately.

How to Spot Phishing Scams

According to the Anti-Phishing Working Group, up to five percent of recipients respond to 'phishing' attacks. In an effort to increase our online security, Technology Services strongly recommends the following:

  • Be very suspicious of any email with urgent requests for personal, financial or account information.
  • Always check the sender's reply address, not just the name. Any message claiming to be university related will come from an @nipissingu.ca email address. 
  • Consider if a link address makes sense. Hover over links and compare the link text with the address that appears in the status bar of your browser.  If they do not match, do not click.

This screenshot of a recent ‘phishing’ attack at Nipissing has many indicators of a scam:

[Image: screenshot of the phishing email]
  • the reply to address is foreign
  • the greeting is generic
  • the grammar is questionable
  • the link is to some random site on the Internet

When in doubt, call or email Technology Services and ask if the message is legitimate.
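The three checks above (urgent wording, the reply address rather than the display name, and link text that does not match the real address) can be applied mechanically before a message reaches anyone. The code below is an added example, not part of the original advisory; it runs over a constructed sample message whose sender, reply address and hostnames are placeholders, and flags exactly those indicators.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAIN = "nipissingu.ca"  # university mail comes from this domain

# Constructed sample message showing the indicators the advisory lists; the
# addresses and hostnames are placeholders, not real senders or sites.
SAMPLE_EMAIL = """\
From: "Nipissing IT Service" <helpdesk@nipissingu.ca>
Reply-To: it-service@mail.example.invalid
Subject: IT Service: verify your account
Content-Type: text/html

<html><body>
<p>Dear user,</p>
<p>You account will be deactivate. Click here to verify:
<a href="http://verify-account.example.invalid/login">https://webmail.nipissingu.ca</a></p>
</body></html>
"""

URGENT_WORDS = ("urgent", "verify", "immediately", "deactivat", "suspend")
LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)
# Anchor tags: href attribute and the visible text between the tags. A regex
# is enough for this example; a mail gateway would use a real HTML parser.
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
TAGS = re.compile(r"<[^>]+>")

def host_of(url_or_text):
    """Hostname of a URL, or of bare text that looks like one."""
    text = url_or_text.strip()
    if "://" not in text:
        text = "http://" + text
    return (urlparse(text).hostname or "").lower()

def domain_of(header_value):
    """Domain part of the address in a From/Reply-To header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def phishing_indicators(raw):
    """Return (indicator, detail) pairs for a raw RFC 822 message."""
    msg = message_from_string(raw)
    found = []
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    # Check the reply address, not just the display name or From header.
    if sender == TRUSTED_DOMAIN and reply_to and reply_to != TRUSTED_DOMAIN:
        found.append(("reply-to-mismatch", reply_to))
    body = msg.get_payload(decode=True).decode("utf-8", errors="replace")
    text = ((msg["Subject"] or "") + " " + TAGS.sub(" ", body)).lower()
    if any(word in text for word in URGENT_WORDS):
        found.append(("urgency", "urgent request for account action"))
    for href, inner in ANCHOR.findall(body):
        shown = TAGS.sub("", inner).strip()
        # Link text that looks like an address must point where it says.
        if LOOKS_LIKE_URL.match(shown) and host_of(shown) != host_of(href):
            found.append(("link-mismatch", f"{shown} -> {href}"))
    return found

if __name__ == "__main__":
    for kind, detail in phishing_indicators(SAMPLE_EMAIL):
        print(f"{kind}: {detail}")
```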

Please watch this short video from our security software provider:

Symantec Guide to Scary Internet Stuff - Phishing

Remember, UTS will never send you unsolicited emails asking for confidential information, such as your password or account details. If you have entered personal information after clicking on a link or suspect fraudulent behaviour, please call Technology Services immediately at 4342.

For more information on Online Security:

https://www.getcybersafe.gc.ca/index-eng.aspx

https://support.google.com/accounts/answer/75061?hl=en

http://www.antiphishing.org/resources/overview/avoid-phishing-scams

NU Online Security - Passphrases not passwords

In an effort to increase our online security, Technology Services requests that you use a passphrase rather than a password wherever possible. This protects your access with a short sentence rather than a simple word. Use a unique combination of letters and numbers. For example, Th1s1sMyP@ssphr@se (This is my passphrase).

We encourage you to watch this one minute video about password creation by Google:

How to Create a Strong Password 

Remember, UTS will never send you unsolicited emails asking for confidential information, such as your password or account details. If you have entered personal information after clicking on a link or suspect fraudulent behaviour, please call the Help Desk immediately at 4342.

For more information on Online Security:

https://www.getcybersafe.gc.ca/index-eng.aspx

https://support.google.com/accounts/answer/46526?hl=en

Virus-Hoax-Spam - New Message

Some of you may have received an email message from a colleague with the subject line Fw: new message. The message asks you to follow a link to open your message.

Never respond to emails, open attachments, or click on links from suspicious or unknown senders asking for personal information.

Remember that UTS will never send you unsolicited emails asking for confidential information, such as your password or account details. We will never ask you to validate or restore your account access through email or pop-up windows.

If you have entered personal information after clicking on a link or suspect fraudulent behavior, please contact the Technology Services Desk immediately.

Virus-Hoax - Your Mailbox Has Exceeded Its Storage Limit

Some of you may have received an email message from nipissingu Web Team <maplespringcob@atlanticbb.net> with the subject line Your Mailbox has exceeded its storage limit. The message states that you need to confirm your identity by replying to an email address. THIS IS A HOAX.

Never respond to emails, open attachments, or click on links from suspicious or unknown senders asking for personal information.

Always remember that UTS will never send you unsolicited emails asking for confidential information, such as your password or account details. We will never ask you to validate or restore your account access through email or pop-up windows.

If you have entered personal information after clicking on a link or suspect fraudulent behaviour, please call the Help Desk immediately at 4342.

Warning - Scam Emails Regarding Funds Transfers

Some of you may have received an email message requesting money with the subject line "Request" or something similar.  THIS IS A SCAM.  Please disregard these messages, should you receive them.

If you have entered personal information after clicking on a link or suspect fraudulent behaviour, please call the Help Desk immediately at 4342.

Important Reminder Regarding Email Links

Some of you may have received an email message from someone you know with the subject line Re: IMPORTANT DOCUMENT. The message is a HOAX and asks you to click a link and to sign in using your email for secure access.

Never respond to emails, open attachments, or click on links from suspicious or unknown senders asking for personal information.

If you have entered personal information after clicking on a link or suspect fraudulent behaviour, please call the Help Desk immediately at 4342.

Hoax - Important Notice!

Some of you may have received an email message from "HelpDesk" <lld@nipissingu.ca> with the subject line "IMPORTANT NOTICE!" and the text "WEBMASTER EMAIL ACCOUNT UPGRADE". THIS IS A HOAX.

Never respond to emails, open attachments, or click on links from suspicious or unknown senders asking for personal information.

Always remember that UTS will never send you unsolicited emails asking for confidential information, such as your password or account details. We will never ask you to validate or restore your account access through email or pop-up windows.

If you have entered personal information after clicking on a link or suspect fraudulent behavior, please call the Help Desk immediately at 4342.

Hoax - Webmaster Email Account Upgrade

Some of you may have received an email message from "Charlene Butler" (CButler@nwoesc.org) with the subject line WEBMASTER EMAIL ACCOUNT UPGRADE. The message states: "We are currently upgrading our new website accounts. This will provide you the ability to store a greatly Increased amount of e-mail correspondence in your e-mail account and also reduce spam emails that is received in your email on the daily basis. Your account has been selected, as one of the accounts that are to be upgraded." THIS IS A HOAX.

Never respond to emails, open attachments, or click on links from suspicious or unknown senders asking for personal information.

Always remember that UTS will never send you unsolicited emails asking for confidential information, such as your password or account details. We will never ask you to validate or restore your account access through email or pop-up windows.

If you have entered personal information after clicking on a link or suspect fraudulent behavior, please call the Help Desk immediately at 4342.

Cybersecurity Reminder

There is some evidence that Canadian universities are being hit quite hard with CryptoLocker ransomware. This also appears to be the case with US universities.

The malware encrypts the files on the computer and then demands a fee to decrypt the user's files. This virus has the ability to spread to file shares and USB devices.

This message is just a reminder to our user community to be careful when visiting unfamiliar websites or opening emails from unknown senders. Do not download or open files that you have not specifically requested. Be wary of links embedded in an email; type the address into your browser instead.

And as always, never respond to email requests for user information from anyone. Legitimate services, banks, credit card companies, email providers and the Nipissing University Helpdesk will never ask you for information in an unsolicited email.

Please make sure that your anti-virus software is running and up to date.

If you have any questions or concerns please contact the Helpdesk at extension 4342.