May 14, 2017
Many organizations around the world have been affected by a massive, global ransomware attack. MacEwan IT has identified email coming into our network that might include the threat, and we ask that all faculty and staff be extra vigilant to ensure our systems remain secure.
If you receive an unexpected email that looks unusual, do not open it. Instead, delete it immediately and report it to the Technology Support desk.
The bottom line is that you need to be aware of the risks:
If you give your university login credential to a phisher, you give up the keys to the university’s data and systems, putting the integrity and security of the university at risk. With this data, criminals can lock up university systems, destroy data, or steal sensitive business or personal information.
Scammers can use your personal data to access your bank or credit card accounts. From there, it’s easy for criminals to clear your accounts, max out your credit, open new bank or credit cards in a your name, and steal your identity.
Phishing most commonly involves sending fake email or text messages under the name of a trusted institution in order to trick you into providing personal information.
MacEwan University, like any reputable institution, will never ask you to verify login credentials, account numbers or passwords by clicking on a link in an email.
Giving up your university login credentials gives scammers access to university systems and data, putting MacEwan at risk for data theft and destruction, or ransomware (software that blocks access to a system until a ransom is paid).
The following are some signs that indicate a message could be a phishing scam:
It has a sense of urgency and gives deadlines
It puts you in fear of losing money or promises winnings
It requests that you click on a link to verify a password, account information or credit card number
It comes from services you do not use
It includes PDF attachments
It contains poor grammar and spelling
It is an unexpected and out of character email from someone you know
It includes files or links that require you to download software to view
Links in the message are close, but not quite right. Links may contain all or part of a real company's name (e.g. Microsoft.com). Links are usually "masked," meaning that the text you see in the link does not take you to that website, but to somewhere else, probably a malicious website.
Here’s an example of masking (this particular example is safe, don't worry): MacEwan.ca The linked text tells you that you are being directed to the MacEwan University website, but clicking on it will take you to the City of Edmonton site.
Keep your software up-to-date
Sophos anti-virus software: The university offers free anti-virus software for work and home; links are within the Tech Support pages in myPortal.MacEwan.ca — both staff and student.
Make sure you have the latest version of your Internet browser installed. Most browsers identify and warn you of potential security threats. For more information, visit the browser’s websites:
If an email looks suspicious, don’t open it, or any attachments that came with it. If you opened the email and the contents look suspicious (see Spot a Phishing Message, above):
Don’t click links. More often than not, they’ll take you to fraudulent or malicious websites.
Don’t open attachments that come with emails
Do not reply to messages
Delete suspicious emails immediately
If you think you’ve disclosed personal information like passwords or credit card numbers to a malicious website, here’s what to do:
Block the sender.
Change your university network password.
Contact the company whose website was faked to report the scam. Don’t reply to the scam email: call the company or go online to find their real website.
Go to the real website for the company in question and change the password for your account.
Review your statements or accounts from that company to identify unexpected charges/changes.
Phishing and malicious websites
The URLs (malicious URLs) in phishing attacks will most often lead you to a malicious website. These sites look like the real deal, and trick you into providing personal information or downloading a virus that allows hackers access to your computer or institution’s network. Even legitimate-looking ecommerce sites can be fronts for a malicious websites.
Some malicious websites don't try to trick you. They attack you through security gaps in your web browser to install malware that can do anything from interfering with the operation of your computer (changing your default browser home page and installing pop-up ads, etc.) to collecting your personal information or even getting total access to your computer.
Find out more about malicious websites on the Data Security page »
There are several things you can do to protect yourself from malicious websites. First and foremost:
Never click on a link in an email or text to go to any site. Always type in the address manually or use a bookmark that you know is legitimate.
Make sure your computer, browser and important software are always up to date. See “Protect Yourself from Phishing” in the previous section.
Is the URL spelled correctly? Scammers will set up website URLs that are nearly identical to the spelling of a legitimate URL. Or they may use a legitimate website name like "Amazon" as part of their own malicious URL (e.g. www.amazonbuynow.com).
Look for the “s”
The URL of any secure, legitimate site that asks you for information (e.g. your credit card number) will begin with “https” rather than “http.” The “s” at the end of “http” stands for “secure.” These sites encrypt your information before it’s sent to a server. If you don’t see “https” in the URL, don’t type in your information.
A site may be malicious if it:
asks you to download or update software before you’re able to do something.
offers free stuff, or prices so cheap it doesn’t seem possible. If it looks to good to be true, watch out – these offers are probably bait. Do some research before you offer up any information.
is poorly laid out or it contains grammatical or spelling errors