Two types of email-based attacks are prevalent these days, and both are being executed on campus fairly regularly. One is called phishing, in which a malicious person attempts to have you provide them some secure information that only you know (your username & password, your bank account info, your SIN number, etc). The other is by sending a malicious attachment, hoping you will open it and thereby install the nefarious application.
Phishing is attempted with a couple of main approaches:
- send an email threatening to cancel or close your account if you don’t click a certain link and enter your information
- send an email which looks to be from someone you know and should trust, asking you to reply with certain information
You can read more here on:
Additionally we suggest reading the following 2 links to see several suggestions on how to identify a phishing message:
Malicious attachments are attachments which purport to be one thing (a document from Revenue Canada indicating a refund you have coming, for example) but are really something else (such as an application that installs on your computer to monitor everything you type).
ITS has many tools to attempt to prevent these kinds of attachments from ever arriving on campus, and even if they do arrive, we have tools on our servers and on your desktops to attempt to prevent them from running, but some malware will *always* be able to sneak through. As has been mentioned before, malware prevention is a never-ending arms race, with malware producers coming up with new ways to attack a computer and anti-virus companies coming out with updates (sometimes hourly!) to try to tackle all of the threats.
A good general checklist when receiving an attachment is:
- do you know the sender?
- were you expecting the attachment?
- does the attachment name and file type match your expectations?
If you can’t say “yes” to all of those questions then you should be suspicious of the attachment. Suspicious does not mean that you ultimately won’t open it, but it does mean that you ought to do an additional check (call the sender on the phone, etc) before opening it.
Ultimately, if you’re concerned about an attachment that you’ve received because it looks questionable, you can forward as an attachment the email to firstname.lastname@example.org and we can provide a secondary assessment.
Here are the steps to attach the email as an attachment:
Be careful out there! These attacks can have serious financial consequences and lost productivity (downtime of your computer, your time sorting out issues with your bank or credit card provider, etc).