April 14, 2020

Cyber hygiene is critical if you want to catch the phish

Don’t get hooked by phishing scams as cyber crimes skyrocket

So you’re working from home — does this mean that you stop showering, brushing your teeth or taking care of any other personal hygiene? Hopefully the answer is no. During a pandemic when we’re confined to our homes, our need for all types of hygiene increases, but one type often gets overlooked: cyber hygiene.

According to the Canadian Centre for Cyber Security, there has been an increase in reports of phishing scams. This adds more risk during an already stressful global pandemic when people are vulnerable. Understanding how to practise good cyber hygiene during this time is critical.

What is phishing?

Phishing is an impersonation of a corporation or other trusted institution. Examples include health-care organizations, educational institutions, government agencies, or other official sources. The associated emails often contain a link that promises key information, relevant data, or tracking information regarding the coronavirus.

The goal of the impersonation is to extract passwords or other sensitive information from the victim. It is a criminal activity using social engineering techniques, and is usually done using email, instant messaging or text. Criminals work to make the email as authentic looking as possible, so the victim will either directly respond, or will open a URL link to a fake website run by the criminals.

How is it done?

Criminals (hackers) send out spoof (fake) emails. These emails are randomly sent to thousands of email addresses, simultaneously. Criminals want valid UCalgary faculty or staff members to respond to their requests.

Some emails are obviously a scam, while others are more subtle. Many have poor grammar or spelling, but all have been very effective in acquiring user IDs and passwords. Criminals usually do this on the premise of wanting to obtain security details, getting you to share that information verbally, or by clicking through to another website that the criminal has created.

Your information is recorded and could be used to gain access to your account. The result could be fraudulent emails being sent from your email account, access to your computer files and/or accessing your private information to commit identity theft.

At UCalgary, the Information Technologies team is working diligently to ensure you’re protected from cyber crime both at work and at home. IT uses spam blocking technology which identifies and blocks 85 to 90 per cent of all inbound email messages. This is more than 99 per cent of the spam directed at UCalgary faculty and staff. Unfortunately, even with the best spam blocking technology, some spam will get through to your inbox, so they need your help.

“While it’s unfortunate in times of crisis that cyber crimes increase, we need to be even more vigilant about staying safe online,” says Mark Sly, IT director, security and architecture. “While the UCalgary community adjusts to working remotely, we all need to make sure that we are practising healthy cyber hygiene.”

So what can you do? How do you increase your cyber hygiene during COVID-19? Follow these tips:

  1. DO NOT take technical advice by phone or email from anyone claiming to be from Microsoft or Apple.
  2. Delete and DO NOT respond to suspicious emails. Trust your instincts — if you think it’s a scam, it probably is.
  3. DO NOT email personal or financial information.
  4. DO NOT click on links in an email claiming to bring you to a secure site.
  5. DO NOT provide passwords credit cards or any personal information in an email. Trustworthy companies, or individuals, will not ask for personal information in an email nor will they ask you to do something to your computer. For example: “Follow these instructions to remove an infected file.”
  6. If you receive an attachment from someone you do not know or an unexpected attachment from someone you do know — DO NOT open it. Check first to ensure that it is a legitimate attachment.
  7. DO report the phishing scam. If it is an email to your ucalgary.ca account, forward the message through your junk mail tool.
  8. DO regularly check your bank, credit and debit card statements to ensure all transactions are legitimate.
  9. DO contact the organization by using a telephone number from a credible source such as an official website or a bill (but NEVER from the suspicious email or text).

Think you caught a phish while working from home? Follow these steps to report it to UCalgary IT.

Remember, cybersecurity is everyone’s responsibility. Visit the IT cybersecurity website for information on how you can become cybersecure, at home and at UCalgary. If you have questions or concerns about cybersecurity, contact the IT Support Centre at itsupport@ucalgary.ca, online through live chat or by telephone 403-220-5555.

COVID-19 resources