ITS

Information Technology Services
Information Technology Services

CSAM Banner - Article Two

October is Cyber Security Awareness Month! Each week, Information Technology Services (ITS) will be releasing a new article to help our community stay safe online. For more information about this initiative, visit the ITS Cyber Security Awareness Month 2016 page.

Here phishy, phishy, phishy!

It’s Monday morning and you’re filtering though some emails that have come in over the weekend when one of them catches your eye:

Example of phishing email asking you to Click Here

Wait, what?

This email is saying you must validate your email account in order to ensure your account is secure from hackers and failure to do so within five days may result in the exclusion of your account from the database and possibly the loss of your account. *Note: this is an actual phishing attempt that arrived through Queen’s email system.

With the example above, clicking the link would have directed you to a false login page where you would be asked to enter your NetID and password.

Clicking on a verification link in an email puts you at risk for several outcomes of varying degrees:

  • You may be infected by malware, which is malicious software designed to infiltrate the computer system without the user’s knowledge. This could lead to virus infection or your email could become a sender of spam to other email addresses within the system.
  • Your computer could be locked by ransomware. When a computer is locked by ransomware, the attacker will demand payment in return for access to your computer and/or files.
  • If you’ve given away your NetID and password by logging into the fake verification process, you’ve essentially handed over your keys to the Queen’s network. The recipient of that information can now log into anything you have access to at Queen’s. This includes not just your email account but, if you’re an employee, a hacker can access MyHR and change your address information, obtain your social insurance number from your T4 slip and divert your paycheck into another account!
  • Phishing attacks remain one of the top causes of a data breach, which can affect as small amount of people such as a section of a department or as large as the entire university.

It may seem like nothing happens after verifying your account and by the time you realize your account has been compromised, the hackers may have already begun to steal your identity. According to the US Federal Trade Commission, it takes approximately 6 months and 200 hours to recover from identity theft.

Image of a laptop computer with a fishing hook sitting on the keyboard.


What would a savvy computer user do?

A cyber savvy individual would …

  • be able to tell that the example above is a classic phishing attempt. Phishing is a form of attempted identity theft to lure victims into giving away sensitive information, usually through email. Check out the Phishing Samples page on the ITS website for more examples.
  • use a secure file storage method. If your computer does get attacked, you can access your files from another computer or device.
  • have taken the Cyber Security Awareness Course. We encourage every user on campus to either take the course if you haven’t or retake the course to refresh your knowledge.
  • contact the company directly instead of clicking on the link. For example, if you get an email from your banking institution indicating that your bank account will be shut down or has been compromised, contact your bank directly by phoning their official phone number to clarify.
    Please note that ITS will never ask for your NetID password.

Not sure what to do with a suspicious email?

If you think your computer has been compromised, change your password immediately and please contact our IT Support Centre as soon as possible by calling 613.533.6666 or fill in the Online Help Form. If you receive an email that you recognize as a phishing attempt, report it to abuse@queensu.ca.

Cyber security is our shared responsibility.

Related:

Tags: