ITS Tickets
myBU
Office 365
Moodle
PaperCut
Webmail
Gaiter Dollars
Laptop-medical Twitter Comments
myBU
Moodle
Webmail
Gaiter Dollars
PaperCut
Office 365
ITS Tickets
Laptop-medical Twitter Comments

Email-based malicious attacks

Two types of email-based attacks are prevalent these days, and both are being executed on campus fairly regularly. One is called phishing, in which a malicious person attempts to have you provide them some secure information that only you know (your username & password, your bank account info, your SIN number, etc). The other is by sending a malicious attachment, hoping you will open it and thereby install the nefarious application.

Phishing

Phishing is attempted with a couple of main approaches:

  • send an email threatening to cancel or close your account if you don’t click a certain link and enter your information
  • send an email which looks to be from someone you know and should trust, asking you to reply with certain information

Learn more by reading this article:
Detecting Phishing Attempts

Malicious attachments

Malicious attachments are attachments which purport to be one thing (a document from Revenue Canada indicating a refund you have coming, for example) but are really something else (such as an application that installs on your computer to monitor everything you type).

ITS has many tools to attempt to prevent these kinds of attachments from ever arriving on campus, and even if they do arrive, we have tools on our servers and on your desktops to attempt to prevent them from running, but some malware will *always* be able to sneak through. As has been mentioned before, malware prevention is a never-ending arms race, with malware producers coming up with new ways to attack a computer and anti-virus companies coming out with updates (sometimes hourly!) to try to tackle all of the threats.

A good general checklist when receiving an attachment is:

  • do you know the sender?
  • were you expecting the attachment?
  • does the attachment name and file type match your expectations?

If you can’t say “yes” to all of those questions then you should be suspicious of the attachment. Suspicious does not mean that you ultimately won’t open it, but it does mean that you ought to do an additional check (call the sender on the phone, etc) before opening it.

Ultimately, if you’re concerned about an attachment that you’ve received because it looks questionable, you should reach out to the ITS Helpdesk so we can provide a secondary assessment.

To ask ITS to investigate a suspicious email:

  1. Open the ticket “I’d like to report a cybersecurity incident” on our Octopus web portal.
  2. Make sure to attach the suspicious email in your ticket.
  3. Let us know if you have already clicked any links or opened the attachment included in the suspicious email.
  4. Let us know if this email was also sent to your colleagues.

Be careful out there! These attacks can have serious financial consequences and loss of productivity (downtime of your computer, your time sorting out issues with your bank or credit card provider, etc).

Contact Us