Information Technology Services (ITS) officials are warning members of the Western community to stay alert as the university remains under e-attack this morning. The latest attack, via an email phishing attempt with the subject line “Letter From Western University,” came at 10 a.m. today.
“This is a very sophisticated and well-organized attack specifically targeted at Western. And it is ongoing today,” Jeff Grieve, ITS director, said. “We continue to actively monitor the situation, and have taken steps to limit the impact of the attack, but all members of the campus community must also continue to be vigilant.”
Grieve reminded all that Western will never send an email asking users to verify their username and password. When you receive these kinds of emails, report them to ITS at wellness.uwo.ca/phishing.html.
On Tuesday, July 16, a targeted phishing attack went to 1,092 email accounts on campus and netted 32 individuals. Those who responded gave the perpetrators possible access to their personal information, potentially including date of birth, social insurance number and banking information.
Universities are regularly targeted by phishing scams. More traditionally, these attacks are technical in nature and seek to take users to sites like “IT Help Desk” that don’t look much like an official Western site. The perceived credibility and authenticity of the link in this recent attack, however, gave it added credence in the eyes of email users.
“People would be particularly susceptible to this one because it took them to something that looked exactly like our HR system login page,” Grieve said.
Also, the timing of the attack, in the middle of summer, may be an attempt to catch the university at a slower period in its academic calendar.
The bogus emails contained two separate non-Western URLs, which looked and acted almost identical to Western’s Human Resources website.
If you have responded to this email, ITS asks that you immediately contact Jeff Gardiner, Western’s Central Information Security Officer, at firstname.lastname@example.org or 519-661-2111 ext. 81091.
In addition, you should take the following steps:
- Examine your Human Resources account to ensure your banking information is correct;
- If your banking information has been changed, contact the Human Resource Communication Centre at email@example.com or 519-661-2194 (ext. 82194) immediately;
- Change your password.
Phishing attempts often originate outside of Canada and are becoming both more frequent and more sophisticated.
Phishing is a form of online identity theft that employs both social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials. Over the past year, phishing scams cost banks and credit-card companies more than $10.2 billion.