Phishing Scam Alert: OneClass Chrome Extension

Be on alert for the OneClass Chrome Extension.  It is a phishing scam where once the extension is installed, it will attempt to send an email on behalf of the user and collect Campus-Wide Login (CWL) credentials.

How the phishing works:

Students will receive an email that includes a link to install the OneClass Chrome Extension.  During the installation, the user will be prompted to accept its permission of “Read and change all your data on the websites you visit.” If the user accepts, a button will be created within Connect pages to “Invite your Classmates to OneClass.”

The plugin in the exension will also attempt to send an email to everyone in the user’s class to promote the OneClass plugin. The plugin contains a code that will attempt to collect user credentials (CWL username and password).

A copy of the phishing ​email is below:

“Hey guys, I just found some really helpful notes for the upcoming exams for <University Name> courses at <URL removed by UBC Information Security>.  I highly recommend signing up for an account now that way your first download is free!”

If you receive this phishing email, do not install the extension or click on any links on the email.  Please delete the email.

If you already installed the extension, below are the instructions to remove the extension:

  1. Open up your Chrome Browser
  2. Select the 3 vertical dots in the top right-hand corner
  3. Select Settings
  4. Select Extensions in the top left-hand corner
  5. Click the Trashcan beside the “OneClass Easy Invite” extension
  6. Select Remove on the Confirm Removal Popup
  7. Close all Chrome windows and go back to the Extensions page to verify the extension has been removed (Steps 1-4)

Once you have removed this extension, please go to webadvisor.nipissingu.ca to reset your Nipissing CWL password.

If you have any questions, please contact techserv@nipissingu.ca​