Security News and Alerts

You may or may not be aware of a new type of attack potential called a DDE attack - a way of launching malware from a web download, an email attachment, or even directly from the body of an Outlook email message or calendar invite.

Just say no

Attachments, emails and calendar invites pop up two giveway warning dialogs before triggering a DDEAUTO attack; if you say “No” at either dialog then you prevent the attack. 

First, you’ll see a warning like this when DDE is used:

Clicking “No” will stop a DDE attack from running.

If you click “Yes” at the first dialog, you will see a second dialog warning that a command is about to be run (the text in parenthesis and the program names referenced at the end will vary):

Again, clicking “No” will stop the attack.

For more information, please refer to the following page and video

https://nakedsecurity.sophos.com/2017/10/22/office-dde-attack-works-in-outlook-too-heres-what-to-do/

Be on alert for the OneClass Chrome Extension.  It is a phishing scam where once the extension is installed, it will attempt to send an email on behalf of the user and collect Campus-Wide Login (CWL) credentials.

How the phishing works:

Students will receive an email that includes a link to install the OneClass Chrome Extension.  During the installation, the user will be prompted to accept its permission of “Read and change all your data on the websites you visit.” If the user accepts, a button will be created within Connect pages to “Invite your Classmates to OneClass.”

The plugin in the exension will also attempt to send an email to everyone in the user’s class to promote the OneClass plugin. The plugin contains a code that will attempt to collect user credentials (CWL username and password). 

A copy of the phishing ​email is below:

“Hey guys, I just found some really helpful notes for the upcoming exams for <University Name> courses at <URL removed by UBC Information Security>.  I highly recommend signing up for an account now that way your first download is free!”

If you receive this phishing email, do not install the extension or click on any links on the email.  Please delete the email. 

If you already installed the extension, below are the instructions to remove the extension:

1. Open up your Chrome Browser
2. Select the 3 vertical dots in the top right-hand corner
3. Select Settings
4. Select Extensions in the top left-hand corner
5. Click the Trashcan beside the “OneClass Easy Invite” extension
6. Select Remove on the Confirm Removal Popup
7. Close all Chrome windows and go back to the Extensions page to verify the extension has been removed (Steps 1-4)

Once you have removed this extension, please go to webadvisor.nipissingu.ca to reset your Nipissing CWL password.

If you have any questions, please contact techserv@nipissingu.ca​

There have been reports of increased email phishing attacks on Canadian Universities. Please take extra care to verify the authenticity of any email asking for personal information or wanting you to click on a link. If in any doubt please call the Nipissing UTS Helpdesk at x4342 or email techsrv@nipissingu.ca

1. Faculty are being impersonated, and sending messages that were somewhat 'context appropriate' to a number of people, directing them to a download link to pick up a document. 
    
2. Staff and Faculty are being targeted by unknown malefactors in a University Employee Payroll Scam.  This scam has already made its rounds in the United States and is now targeting Canadian Universities.

   Details:
   University employees are receiving fraudulent e-mails indicating a change in their human resource status. The e-mail contains a link directing the employee to login to their human resources website to identify this change. The website provided appears very similar to the legitimate site in an effort to steal the employee’s credentials. Once the employee enters his/her login information, the scammer takes that information and signs into the employee’s official human resources account to change the employee’s direct deposit information. This redirects the employee’s paycheck to the bank account of another individual involved in the scam.

   Consequences of this Scam:

   • The employee’s paycheck can be stolen.
   • The money may not be returned in full to the employee.
   • The scammers can take the employee’s log-in credentials and attempt to log into other accounts that belong to the employee.
3. Students are being victimized by the ‘Work-from-Home’ Scam.  The ‘Work-from-Home scam asked students to set up a bank account (on behalf of the malefactor) and send the details away.  The accounts are used to transfer money and the victims are responsible for the financial liabilities.  This scam is a form of identity theft.

World Backup Day is a global initiative to remind and teach people to properly and safely backup their files. At Nipissing University, we have our shared and home directories backed up daily to keep all our hard work safe. 

For your personal documents and family photos, you may find the information at worldbackupday.com helpful. No matter which method you choose, we recommend you use strong passphrases to secure all your information.

Some of you may have received an email message from "Student Involvement" with the subject line Fw: new message.   The message asks you to click the link provided to open a message.  THIS IS A HOAX. 

Never respond to emails, open attachments, or click on suspicious links or unknown senders asking for personal information.

Always remember that UTS will never send you unsolicited emails asking for confidential information, such as your password or account details. We will never ask you to validate or restore your account access through email or pop-up windows.

If you have entered personal information after clicking on a link or suspect fraudulent behavior, please call the Help Desk immediately at 4342.

The email many of us received this morning titled: "IT Service" asking to verify your account, is not a legitimate request from UTS. Please do not respond to or follow any links in this or similar messages. 

UTS will never send you unsolicited emails asking for confidential information, such as your password or account details. We will never ask you to validate or restore your account access through email or pop-up windows.

If you have entered personal information after clicking on a link or suspect fraudulent behavior, please call the Help Desk immediately at 4342.

Some members of the Nipissing University community have reported that they have received phishing scams as text messages. Please exercise the same caution you would with your email when you receive texts with links claiming to be from banks or other service providers. When in doubt, contact the organization using trusted contact information from the official source to verify the message is legitimate. 

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.

• Phishing - Wikipedia, the free encyclopedia
• https://en.wikipedia.org/wiki/Phishing

Some of you may have received an email message from a colleague with the subject line Fw: new message. The message states new message, please read and provides a link.  

Never respond to emails, open attachments, or click on suspicious links or unknown senders asking for personal information.

Remember that UTS will never send you unsolicited emails asking for confidential information, such as your password or account details. We will never ask you to validate or restore your account access through email or pop-up windows. 

If you have entered personal information after clicking on a link or suspect fraudulent behaviour, please contact the Technology Services Desk immediately.

Some of you may have received an email message from a colleague with the subject line IMPORTANT.   The message asks you to follow a link to view your message.

Never respond to emails, open attachments, or click on suspicious links or unknown senders asking for personal information.

Remember that UTS will never send you unsolicited emails asking for confidential information, such as your password or account details. We will never ask you to validate or restore your account access through email or pop-up windows.

If you have entered personal information after clicking on a link or suspect fraudulent behavior, please contact the Technology Services Desk immediately.

This is a reminder that you should NEVER use the same password on more than one website or service. This is especially important with your email password. 

There have been several instances recently where users have used their email address and email password to login to a third party website, thereby providing both the third party website operators and any potential hackers access to their email and all of the information contained therein, including any banking/credit card information, passwords to other services, other personal data etc.

We strongly recommend that you change your email password as soon as possible and on a continual regular basis. This applies to all onsite passwords.

The use of the same login name and password for access to different accounts and websites is strongly discouraged. If a website that you visit is compromised, the attacker will have access to the login names and passwords that were used. 

If this website's login name was your email address, the attacker now has that piece of information. If you used the same password as your email account, the attacker now has access to your email account, all the personal information contained within, and even the ability to reset passwords for other sites.

There are several secure password apps available that do a good job of providing tracking and securely saving login names and passwords.  A search of the App Store will give you some to research. We recommend: Keeper Password Manager & Digital Vault by Callpod. We will followup with a more detailed message on this type of app.

For added security on your Nipissing email account, consider enabling 2-step verification. 2-Step Verification adds an extra layer of security to your Google Account, drastically reducing the chances of having the personal information in your account stolen. To break into an account with 2-Step Verification, one would not only have to know your username and password, they would also have to have your mobile phone.  

Learn more about 2-step verification here: https://support.google.com/accounts/answer/180744?hl=en. You can set it up yourself, or we can help you.

Some of you may have received an email message from "Harry Culham" (Harry.Culham@cibc.com) with the subject line CIBC Customer Documents.   The message states that you can view/print your notice of documents.  THIS IS A HOAX. 

Never respond to emails, open attachments, or click on suspicious links or unknown senders asking for personal information.

Always remember that UTS will never send you unsolicited emails asking for confidential information, such as your password or account details. We will never ask you to validate or restore your account access through email or pop-up windows.

Dear Nipissing Community,

Canadian banks have recently become a popular target for online fraud. Please consider the following when banking online:

• When logging into a bank's website, make sure you are on the proper site.
• If you receive an email from your bank, verify that the email address is legitimate.
• Be cautions of links in emails.
• If you are ever uncertain, contact your institution to verify the request.
• Please review this article for more information: 
  http://www.itworldcanada.com/article/canadian-banks-targeted-by-new-zeus-malware-variant/101426

If you feel that you have been a victim of an online scam, contact the appropriate authorities.

The Canadian Cyber Incident Response Centre (A division of Public Safety Canada) has sent us the following warning:  

The Internet Crime Complaint Center (IC3) has issued an alert addressing a spear phishing scam targeting university employees and their payroll accounts. Scam operators use fraudulent emails and websites to entice employees to reveal login credentials.

If you believe that you have been victimized by this scam, we recommend filing a report with your local law enforcement agency and change all your Nipissing passphrases. UTS will never send you unsolicited emails asking for confidential information, such as your password or account details. We will never ask you to validate or restore your account access through email or pop-up windows.

If you have entered personal information after clicking on a link or suspect fraudulent behaviour, please call the Help Desk immediately at 4342.

Some of you may have received an email message from Administrator <amturner@mail.fhsu.edu> with the subject line System Upgrade- Verify Your Email Account‏‎ or Suspicious Login Detected? from Technical Support <flb@choiceonemail.com>.  These messages state that you need to confirm your identity by replying to an email address.  THIS IS A HOAX.  

Never respond to emails, open attachments, or click on suspicious links or unknown senders asking for personal information.

Always remember that UTS will never send you unsolicited emails asking for confidential information, such as your password or account details. We will never ask you to validate or restore your account access through email or pop-up windows.

If you have entered personal information after clicking on a link or suspect fraudulent behaviour, please call ext 4342  immediately.

In an effort to increase our online security, Technology Services requests that you to use a passphrase rather than a password wherever possible. This protects your access with short sentence rather than a simple word. Use a unique combination of letters and number. For Example, Th1s1sMyP@ssphr@se (This is my passphrase). 

We encourage you to watch this one minute video about password creation by Google:

How to Create a Strong Password 

Remember, UTS will never send you unsolicited emails asking for confidential information, such as your password or account details. If you have entered personal information after clicking on a link or suspect fraudulent behaviour, please call the Help Desk immediately at 4342.

For more information on Online Security:

https://www.getcybersafe.gc.ca/index-eng.aspx

https://support.google.com/accounts/answer/46526?hl=en

Some of you may have received an email message from a colleague with the subject line Fw: new message.   The message asks you to follow a link to open your message.

Never respond to emails, open attachments, or click on suspicious links or unknown senders asking for personal information.

Remember that UTS will never send you unsolicited emails asking for confidential information, such as your password or account details. We will never ask you to validate or restore your account access through email or pop-up windows.

If you have entered personal information after clicking on a link or suspect fraudulent behavior, please contact the Technology Services Desk immediately.

Some of you may have received an email message from nipissingu Web Team <maplespringcob@atlanticbb.net> with the subject line Your Mailbox has exceeded its storage limit.   The messages states that you need to confirm your identity by replying to an email address.  THIS IS A HOAX.  

Never respond to emails, open attachments, or click on suspicious links or unknown senders asking for personal information.

Always remember that UTS will never send you unsolicited emails asking for confidential information, such as your password or account details. We will never ask you to validate or restore your account access through email or pop-up windows.

If you have entered personal information after clicking on a link or suspect fraudulent behaviour, please call the Help Desk immediately at 4342.

Some of you may have received an email message requesting money with the subject line "Request" or something similar.  THIS IS A SCAM.  Please disregard these messages, should you receive them.

If you have entered personal information after clicking on a link or suspect fraudulent behaviour, please call the Help Desk immediately at 4342.

Some of you may have received an email message from someone you know with the subject line Re: IMPORTANT DOCUMENT.   The message is a HOAX and asks you to click a link and to sign in using your email for secure access.

Never respond to emails, open attachments, or click on suspicious links or unknown senders asking for personal information.

If you have entered personal information after clicking on a link or suspect fraudulent behaviour, please call the Help Desk immediately at 4342.

Some of you may have received an email message from "HelpDesk <lld@nipissingu.ca> with the subject line IMPORTANT NOTICE!.  WEBMASTER EMAIL ACCOUNT UPGRADE.  THIS IS A HOAX. 

Never respond to emails, open attachments, or click on suspicious links or unknown senders asking for personal information.

Always remember that UTS will never send you unsolicited emails asking for confidential information, such as your password or account details. We will never ask you to validate or restore your account access through email or pop-up windows.

If you have entered personal information after clicking on a link or suspect fraudulent behavior, please call the Help Desk immediately at 4342.

Some of you may have received an email message from "Charlene Butler" (CButler@nwoesc.org) with the subject line WEBMASTER EMAIL ACCOUNT UPGRADE.   The message states that we are currently upgrading our new website accounts. This will provide you the ability to store a greatly Increased amount of e-mail correspondence in your e-mail account and  also reduce spam emails that is received in your email on the daily basis. Your account has been selected, as one of the accounts that are to be upgraded.  THIS IS A HOAX. 

Never respond to emails, open attachments, or click on suspicious links or unknown senders asking for personal information.

Always remember that UTS will never send you unsolicited emails asking for confidential information, such as your password or account details. We will never ask you to validate or restore your account access through email or pop-up windows.

If you have entered personal information after clicking on a link or suspect fraudulent behavior, please call the Help Desk immediately at 4342.

There's some evidence that Canadian Universities are getting hit quite hard with CryptoLocker Ransomware.  This appears also to be the case with US universities.

The malware encrypts the files on the computer then demands a fee to unencrypt the user's file.  This virus has the ability to spread to fileshares and USB devices.

This message is just a reminder to our user community to be careful when visiting unfamiliar websites or opening emails from unknown senders. Do not download or open files that you have not specifically requested. Be wary of links embedded in an email, type the link into your browser instead.

And as always, never respond to email requests for user information from anyone. Legitimate services, banks, credit card companies, email providers, Nipissing University Helpdesk will never ask you for information in an unsolicited email.

Please make sure that your anti-virus software is running and up to date.

If you have any questions or concerns please contact the Helpdesk at extension 4342.