Scam of the week #1: Someone? has shared a file with you
Welcome to the first in a series of posts focused on social engineering attacks that we are seeing at the University.
What is a social engineering attack? There are a couple of different ways that cybercriminals are trying to get access to our systems. Sometimes they attack flaws in our technology itself, and sometimes they use tricks aimed at the people who use the technology. The latter category is called Social Engineering, and perhaps the most well-known method of social engineering is called Phishing.
Phishing is the use of a fraudulent email designed to trick a person into doing something like:
- Revealing a password
- Installing malware
- Giving up personal information
Over the past two weeks we’ve seen several phishing attempts that follow a similar pattern. The phishing email appears as though someone is sharing a file with you, but it will usually come from someone you don’t know.
The attackers are launching these attacks from Google and Microsoft accounts at other schools that they have previously compromised.
Here is an example:
Let’s take a look at some of the details in this message:
- The email address sharing the file is at the domain @arhs.org. If you don’t recognize the name or the organization sharing the file, it’s probably a trick.
- When sharing files using these tools, there is always an option to include a short message, giving the recipient some context around why you are sharing the file. If the attacker has done their research, this is where they can get very sneaky. This message includes the name of Dr. Wamsley to give the message credibility.
- A common tactic is to include phrases such as “needs urgent attention”. People are more likely to open a message that sounds urgent.
Here is some general advice when someone shares a file with you:
- If you are not expecting a document, reach out to the sender another way (other than replying to the email). Give them a call, or chat on Microsoft Teams and ask them if they really did share a file.
- Be wary of language that implies a sense of urgency.
- If you aren’t sure, forward the message to UTS (techsrv@nipissingu.ca) for assessment. This won’t bother us at all, and the sooner we know that messages like these going around, the sooner we can send out a warning to all staff and students.
- Finally, any link from an email that leads you to a login page should be approached with extreme caution.
Thank you for your continued diligence!
- The UTS Team