This notice is from the archives of The Notice Board. Information contained in this notice was accurate at the time of publication but may no longer be so.
The next time you see Leslie Gatner, Financial Analyst in Financial Services, the coffee’s on her. Gatner’s name was drawn to win the $25 Starbuck’s gift card for completing the online Phishing and Identity Theft course last month.
“We had a good response to the online course, but in my world, 100% completion would be ideal,” says Kevin Vadnais, IT Services Information Security Manager. He says he realizes it may not be realistic but it’s his goal nonetheless, especially with the holiday season looming.
“We’re coming into one of the busiest ‘phishing’ seasons with the upcoming holidays, so I would like to advise the University community to be vigilant.” Vadnais says the Christmas season logically lends itself to shipping scams by the bad guys. “Typically you will see emails from which you’re invited to download a .zip or .exe file that claims to have tracking information on a shipment. The email uses high-quality logos from companies like Canada Post, FedEx and UPS and, in addition, the grammar is far better than the usual phishing emails we see. Once the user clicks on the attachment, what it actually does is download malware on the user’s machine. The malware can contain a variety of threats: for example, Crypto locker is one that holds a computer hostage until a significant ‘ransom’ is paid, and there’s the threat of data theft. The bad guys can capture passwords when doing online banking, find personal data like social insurance numbers in tax returns, and both can lead to identity theft.”
As in all cases, Vadnais advises users to stop and ask themselves if it makes sense to simply click on an attachment, or go to the sender’s website instead to find tracking information. “Use common sense, if you’re not expecting a package, don’t click on a link that says you have one. One of the easiest clues is to hover your cursor over the link provided and compare it to what url shows next to it, or in the bottom of your browser. If it’s phishing or a malicious file, the destination in the link or image which pops up in the hover will not match what the browser text or image is showing. When that happens think twice about proceeding.”
Find out more about spotting and reporting phishing scams this holiday season here.
Contact:
Diane Boyle | diane.boyle@uleth.ca | (403) 382-7180 | uleth.ca/information-technology