Couchman: Scammers casting about as phishing season heats up

Halloween has come and gone, but I have something scary I’d still like to share with you – the subject of phishing emails.

’Tis the season for phishing scams to increasingly clog up your email accounts, each pretending to be from Amazon, social media platforms (Facebook, Instagram), or other online companies. Sometimes these messages appear to be from colleagues, fellow students, or individuals known to you.

These messages will typically state that there is something you urgently need to do – there is ‘an issue’ with your account or order, for example – and that you need to take action by logging on to the link provided in the message.

How phishing works and why it matters

Every day, you receive messages that fall under the category of phishing. These types of messages contain content related to some sort of plea or call to action and usually contain a web link that will invite you to provide your username and password.

The scary part is just how good these messages are becoming and how many people fall victim to these scams, not just at Western, but out in the world, as well.

The link you click on appears to lead to a legitimate service but, in reality, leads to a fake site designed to get you to enter your credentials, which criminals then have at their disposal. After you have entered your credentials, the website will typically show an error message saying that the service you are trying to open is not available at the moment, but by then it is too late. The criminals’ objective is your username and password, which are often used to log in to your accounts to send phishing messages to your contacts, or as a means to engineer identity theft or gain access to your finances.

Examples of phishing

When these messages appear within mailboxes at an organization like Western, the sender either appears to be from the university or another source that seems legitimate.

Some phishing messages are easy to recognize as part of a scam. The example below is a fairly good example of a generic attempt to obtain your username and password (note the impersonal nature of the message, the lack of a subject, and the inclusion of a threat followed by a directed action):

The sending email account is likely to be unknown to you. Simply forward the message to phishing@uwo.ca and then delete it.

Others appear a bit more problematic at first glance but reveal themselves to be scams when you look at the message in more detail. The example below looks like it could be coming from the organization’s IT shop, but there are troublesome items embedded in the message:

First, Western would not send a message to its community looking for these details.

Second, notice the impersonal nature of the message, the generic subject, and the inclusion of a threat (always a hallmark of these types of messages). Keen-eyed receivers of this message would notice that the department (ICTS) in this message does not line up with any department at Western.

We have all seen these messages that appear to be from a person at our institution and look like they need to share a document with us:

This type of scam typically originates from an account within our organization that has already been phished and the criminals make the message appear as though it is from a legitimate Western address (which, technically, it actually is). The bad actor involved is trading on inside familiarity as the key ingredient.

Likewise, we have begun to see incredibly sophisticated attacks which appear to be from senior leaders within Western and look like they could be quite legitimate:

And this one, which is also exceptional:

The subject lines look coherent, the signatories appear to be well-known individuals at the university, and the content is both specific and timely. Typically, these messages are sent from an address that is either external or unfamiliar – that is the first sign it is an issue. Secondly, if you hover over the link within these messages, you will notice that it seems to go somewhere illegitimate.
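For readers who triage reported messages, the two checks described above (an external sender, and a link that goes somewhere other than where it claims) can be automated. The sketch below is an added example, not a Western or WTS tool; the function names, the finding labels and the sample message are constructed for illustration, and `uwo.ca` is assumed to be the only trusted domain.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

ORG_DOMAIN = "uwo.ca"  # assumption: the only domain treated as internal

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def in_org(host):
    host = (host or "").lower().rstrip(".")
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)

def phishing_signs(raw_message):
    # Returns a list of findings; an empty list means neither sign was seen.
    msg = message_from_string(raw_message)
    findings = []
    if not in_org(parseaddr(msg.get("From", ""))[1].rpartition("@")[2]):
        findings.append("external-sender")
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in collector.links:
        target = urlparse(href).hostname  # where the link really goes
        shown = re.search(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", text, re.I)
        if shown and shown.group(1).lower() != (target or "").lower():
            findings.append(f"link-text-mismatch:{target}")  # text shows one host, href another
        elif not in_org(target):
            findings.append(f"off-site-link:{target}")
    return findings

# Constructed sample: external sender, link text shows a uwo.ca address but points elsewhere.
SAMPLE = ('From: "IT Helpdesk" <support@helpdesk-example.test>\nContent-Type: text/html\n\n'
          '<a href="http://login.example.test/verify">https://mail.uwo.ca/login</a>')
```

A message sent from an already-phished internal account passes the sender check, so the link checks are what catch it; off-site links also appear in legitimate mail, so that finding is a prompt for a closer look rather than a verdict.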

Time to beware.

What do you need to do?

This scary story does not end here, sadly.

While Western is engaging in strategies that will minimize the delivery and effects of these phishing attacks, we will see more of these messages in the future, and they will become more sophisticated over time. We need each of you to be vigilant and to report these messages to phishing@uwo.ca and then delete the message.

Study after study states that the most effective tool for cyber-security is awareness and building a strong culture of cyber resiliency.

At Western, we call this being CyberSmart.

Some tips on being CyberSmart

Here are some things you should be doing or should do if you come in contact with these types of messages:

  • Do not share your password. This statement appears to be easily understood, but many still share their credentials with friends, acquaintances, and family members.
  • Do not use your Western username and password elsewhere. You are welcome to use your Western email address as your login for other services, but please do not use your password as well. There are many examples of data breaches at other companies where their username and password lists are sold on the dark web. This particular circumstance is more common than you’d like to think, so we ask that you be diligent and use different passwords on different systems. It is recommended that you use a Password Manager to help you remember all of your different account configurations.
  • If in doubt, ask. Call or email the Western Helpdesk at 519-661-2111 ext. 83800. Email phishing@uwo.ca if you need to ensure a message is looked at.
  • As a good practice, back up your data. Whether you are a student, a staff member, or a faculty member, backing up your data and keeping these copies in a safe location is the best way to mitigate these attacks. If your system is corrupted by such an attack, all you would need to do is have the operating system and applications re-installed and then copy your files back and you will be up and running without paying a price or wondering if you will be able to get your files back.
  • Update and patch your devices. Yes, it is a pain when you are prompted to install updates on your devices, but it is critical that you do so. Vendors are constantly dealing with these threats and issue updates for your systems to repel these attacks.
  • Do not click on or open suspicious links or documents. If you suspect something, send the email to phishing@uwo.ca for Western Technology Services (WTS) to take a look.
  • Act quickly. If you suspect your device is infected, power off the device and seek assistance from your local IT support, WTS, or your technical go-to person. If powering off is not an option, then isolate the device by shutting down network connectivity or by removing the network connection (if applicable).

Increase your awareness and learn more about being CyberSmart and the ways to recognize digital threats by reading this pamphlet.

Later this month, Western will launch cyber-security awareness learning modules that will allow you to take self-paced, short content mini-courses, such as Information Security Awareness Essentials.

Information Security Awareness Essentials will be available on cybersmart.uwo.ca and you will be able to obtain a certificate upon completion of the module.

Colin Couchman is the Director (Cyber Security and Business Services) at Western Technology Services.