March 19 - Cyber Hygeine for COVID-19
There has been an increase of malicious actors using the COVID-19 pandemic in phishing campaigns and malware scams.The emails are written to trick you into opening an attachment or providing login credentials. In current circumstances, there have been attempts to impersonate various health agencies.
The Canadian Centre for CyberSecurity lists ways that you can protect yourself from this type of scam:
Against Malicious Emails:
- Make sure the address or attachment is relevant to the content of the email.
- Make sure you know the sender of an email.
- Look for typos.
- Use anti-virus or anti-malware software on computers.
Against Malicious Attachments:
- Make sure that the sender’s email address has a valid username and domain name.
- Be extra cautious if the email tone is urgent.
- If you were not expecting an attachment, verify with the sender.
Against Malicious Websites:
- Make sure URLs are spelled correctly.
- Directly type the URL in the search bar instead of clicking a provided link.
- If you must click on a hyperlink, hover your mouse over the link to check if it directs to the right website.
October 16 2019 - Phishing Attempts
What do I need to know?
UFV has recently had targeted email phishing attempts with the perpetrators pretending to be UFV Faculty or staff.
What do I need to do?
If you receive a suspicious email, do not respond. Contact the IT Service Desk immediately and forward a copy of the suspicious message to email@example.com for investigation.
Please be aware that recently, several UFV staff and faculty members have received targeted emails which looks like it is coming from another UFV contact, often a superior. The message will claim to be from a UFV employee, but closer inspection of the from email address reveals it is coming from gmail or another email server. For example: firstName.lastName.firstname.lastname@example.org.
The email will typically ask if you are available to perform a quick task and that the sender is only available over email. Once the purpetrator has engaged in conversation, they will ask you to purchase game cards or gift cards and send them copies. They may use forceful language and ask for urgent reponse.
If you receive a suspicous message similar to this, do not respond. Instead, immediately report it to the IT Service desk and forward them a copy for investigation. If you are ever unsure of the authenticity of an email, it is good practice to confirm with the employee through another avenue. A phone call can very quickly clear up the situation. No UFV faculty or staff will ever make a request for you to send them game or gift cards.
Still need more info?
If you have any questions, please do not hesitate to contact the IT ServiceDesk by email (email@example.com) or call us at 604-864-4610
July 23, 2019 - Compromised Accounts
We subscribe to services that monitor when UFV email accounts are exposed as part of a data breach. These breaches can and do occur regularly. Lately, several UFV employee email addresses have been used to create third party accounts, and several of these accounts have been reported as exposed. Exposed information often contains names, email addresses and, in some cases, passwords or other confidential data.
If you have been exposed as part of a data breach, you will be contacted by our cybersecurity team with details and next steps.
As a best practice, please refrain from using your UFV email address for 3rd party accounts and applications.
January 7, 2019 - Phishing for passwords
There have been a number of recent email-based phishing attempts in which recipients are requested to provide their login credentials. While many of these campaigns look obviously suspicious, some have been very carefully crafted so as to appear to be genuine.
Please be advised that IT Services will never request users to divulge their login information via email. If you are the recipient of such an email request, please ignore it and delete it. If you suspect that you may have been a victim of such a phishing attempt, you should change your password immediately.
For more information about phishing and to learn how to protect yourself, check the ITS knowledgebase.
January 2, 2019 - Password security
Ensure your accounts are secured with a strong password — at least 10 characters that include a combination of uppercase, lowercase, numeric and special characters. Be sure to use a different password for each online account. If one password is compromised, your other accounts are still protected. Keep your passwords to yourself, treat them like the keys to your home.