Information Technology Services

Security Alerts

Recent Phishing Attempts

October 16 2019


What do I need to know?

UFV has recently had targeted email phishing attempts with the perpetrators pretending to be UFV Faculty or staff.

What do I need to do?

If you receive a suspicious email, do not respond.  Contact the IT Service Desk immediately and forward a copy of the suspicious message to phishreport@ufv.ca for investigation.

Details:

Please be aware that recently, several UFV staff and faculty members have received targeted emails which looks like it is coming from another UFV contact, often a superior.  The message will claim to be from a UFV employee, but closer inspection of the from email address reveals it is coming from gmail or another email server. For example: firstName.lastName.ufv.ca@gmail.com.

The email will typically ask if you are available to perform a quick task and that the sender is only available over email.  Once the purpetrator has engaged in conversation, they will ask you to purchase game cards or gift cards and send them copies.  They may use forceful language and ask for urgent reponse.

If you receive a suspicous message similar to this, do not respond.  Instead, immediately report it to the IT Service desk and forward them a copy for investigation.  If you are ever unsure of the authenticity of an email, it is good practice to confirm with the employee through another avenue. A phone call can very quickly clear up the situation. No UFV faculty or staff will ever make a request for you to send them game or gift cards.

Still need more info?

If you have any questions, please do not hesitate to contact the IT ServiceDesk by email (itservicedesk@ufv.ca) or call us at 604-864-4610


Alert Archive

July 23, 2019 - Compromised Accounts

We subscribe to services that monitor when UFV email accounts are exposed as part of a data breach. These breaches can and do occur regularly. Lately, several UFV employee email addresses have been used to create third party accounts, and several of these accounts have been reported as exposed. Exposed information often contains names, email addresses and, in some cases, passwords or other confidential data.

If you have been exposed as part of a data breach, you will be contacted by our cybersecurity team with details and next steps.

As a best practice, please refrain from using your UFV email address for 3rd party accounts and applications.


January 7, 2019 - Phishing for passwords

There have been a number of recent email-based phishing attempts in which recipients are requested to provide their login credentials. While many of these campaigns look obviously suspicious, some have been very carefully crafted so as to appear to be genuine.

Please be advised that IT Services will never request users to divulge their login information via email. If you are the recipient of such an email request, please ignore it and delete it. If you suspect that you may have been a victim of such a phishing attempt, you should change your password immediately.

For more information about phishing and to learn how to protect yourself, check the ITS knowledgebase.


January 2, 2019 - Password security

Ensure your accounts are secured with a strong password — at least 10 characters that include a combination of uppercase, lowercase, numeric and special characters. Be sure to use a different password for each online account. If one password is compromised, your other accounts are still protected. Keep your passwords to yourself, treat them like the keys to your home.

Contact Us