Cyber Security
November 21, 2022
Researchers Targeted in New Phishing Attack Involving Google Drive
A Chinese government-sponsored advanced persistent threat (APT) group has launched spear-phishing attacks to target education, government, and research sectors worldwide. The attackers are delivering custom malware stored in Google Drive. The attacks were discovered between March and October 2022. The primary targets of the group were located in Japan, Australia, Myanmar, Taiwan, and the Philippines.
More information on how the attack works here.
November 8, 2022
BazarCall Attackers Target UWinnipeg
UWinnipeg email users may be targeted by a BazarCall attack. This "callback phihshing" attack wants people to contact a fake technical service center whereby the perpetrators will attempt to get the user to install malware on their computer.
BazarLoader (sometimes referred to as BazaLoader) is malware that provides backdoor access to an infected Windows host. After a client is infected, criminals use this backdoor access to send follow-up malware, scan the environment and exploit other vulnerable hosts on the network.
You can read up about this attack at this link.
If you receive a message like this, please reach out to the TSC Service Desk immediately. Do not call the number.
October 2022 is Cyber Security Awareness Month
This year's theme is Fight Phishing: Ruin a cyber criminal's day!
Cyber Security Awareness Month (Cyber Month) is an internationally recognized campaign held each October to help the public learn more about the importance of cyber security. This campaign helps Canadians stay secure online by teaching them simple steps to protect themselves and their devices.
Phishing is a cyber criminal’s attempt to get sensitive information by pretending to be a legitimate sender like a bank or a government organization. Phishing is the third most common scam in Canada. Each week, we’ll highlight different aspects of phishing scams to help Canadians prepare themselves against, or recover from, all types of phishing.
Week 4: Putting it all together
October 24-28
- Older adults are often targeted by phishing scams. Help them #GetCyberSafe and ruin a cyber criminal’s day by showing them the signs to spot a phishing message, like urgent or threatening language. #CyberMonth2022
- Kids can be targeted by phishing scams, like in online games with offers of free loot. Take time to ruin a cyber criminal’s day with your kids by pointing out the signs of phishing. #GetCyberSafe #CyberMonth2022
- The things you post affect more than your follower count. Limit what you share online (or who can see it) to prevent cyber criminals from using your personal info against you in a phishing scam. #GetCyberSafe #CyberMonth2022
- Make learning about phishing fun with the Get Cyber Safe Agency workbook for kids! It’s a great way to teach kids cyber security basics — and have a blast while doing it: https://www.getcybersafe.gc.ca/en/resources/get-cyber-safe-agency
Week 3: Prevention
October 17-21
- #DYK password managers can help protect you from phishing? By helping you create strong and unique passwords, they make it tougher to hack your accounts (and ruin cyber criminals’ days at the same time). #GetCyberSafe #CyberMonth2022
- Securing your accounts with multi-factor authentication (MFA), like an email or code by text, can stop a cyber criminal’s plan to break in — even if they have your password. #GetCyberSafe #CyberMonth2022
- Receive a phishing email at the university? Report it to your IT team to help your coworkers and fellow students #GetCyberSafe and recognize the signs of phishing — and ruin a cyber criminal’s day in the process. #CyberMonth2022
- You can #GetCyberSafe and protect yourself from phishing scams by using multi-factor authentication (MFA) on your university online account. If you are not already on MFA, contact the TSC Service Desk to get started! #CyberMonth2022
- How strong is your university online account password? A strong and unique password makes it tougher to hack your accounts (and ruin cyber criminals’ days at the same time). #GetCyberSafe #CyberMonth2022
- Have you received a phishing email pretending to be from the University of Winnipeg? Report it to the TSC Service Desk — and ruin a cyber criminal’s day in the process. #CyberMonth2022
Week 2: Where, why and how it happens
October 10-14
- Getting familiar with the signs of a phishing scam, like:
- Urgent/threatening language
- Incorrect sender email addresses
- Suspicious attachments
- can help you #GetCyberSafe this #CyberMonth2022 and ruin a cyber criminal's day!
- Learning about types of phishing, like smishing (phishing over text), spear phishing (a targeted form of phishing) and whaling (which often occurs at work) can help protect you and ruin a cyber criminal’s day! #GetCyberSafe #CyberMonth2022
- Cyber criminals trick you into sharing your personal info by using social engineering. You can #GetCyberSafe and ruin a cyber criminal's day by looking out for the signs of phishing and limiting what you share on social media. #CyberMonth2022
- At th University of Winnipeg, when we contact you by email, we will never:
- Use threatening language
- Ask for payment by gift card
- Send an email from an account that doesn’t end in “uwinnipeg.ca”
- If a communication from anyone from a University department sounds suspicious, try to contact that individual directly or forward the message to the Technology Solutions Centre Service Desk at servicedesk@uwinnipeg.ca for further verification. #CyberMonth2022 #GetCyberSafe
Week 1: You got phished
October 3-7
Even the savviest tech expert can fall for a phishing attempt. This week, we’ll focus on actionable steps to take to recover from a phishing attack with topics including:
- How to tell if you have been phished
- Actionable steps to recover from a phishing attempt, such as:
- securing affected accounts
- setting up anti-virus software and automatic software updates
- data recovery and backup
- Reporting the scam
Resources