Category Archives: Phishing

Phishing Attempt – Feb 13, 2017

ITS has received reports of phishing/malicious emails being sent to various college staff.  The Phishing email claims to be coming from “Christine McTighe” looking to get payment status and provides a copy of an invoice attached. DO Not Click on any attachments.

Please See Example

From: Christine McTighe [mailto:Christine.McTighe@outlook.domain.invalid]
Sent: February 13, 2017 12:41 PM
To: XXXXXXX
Subject: Past Due Invoice

Good day XXXXX,

Attached you will find a copy of invoice 32957 in our system.

We are looking to get payment status.

Thank You!

Christine

 

Phishing Attempt – Feb 9, 2017

ITS has received reports of phishing/malicious emails being sent to various college staff.  The Phishing email claims to be coming from “Sarah Wilkins” looking to get payment status and provides a copy of an invoice attached. DO Not Click on any attachments.

Please See Example

From: Sarah Wilkins [mailto:Sarah.Wilkins@office365.domain.invalid..]
Sent: Thursday, February 09, 2017 8:07 AM
To: XXXXX
Subject: Past Due Invoice

Good day XXXX ,

Attached you will find a copy of invoice 583749 in our system.

We are looking to get payment status.

Thank You!

 

Sarah Wilkins

 

Phishing Attempt – Feb 8, 2017

ITS has received reports of phishing emails being sent to various college staff.  The Phishing email claims to be coming from Canada Revenue Agency stating that due to tax law, you may be exposed to further taxation and to download information. Please DO NOT click on any links.

Please See Example

Action is required

We have sent a query to your email address XXXX about Businesses – Tax information

Please see the following information and see to it that you have all the required.

Due to changes in the tax law, your employer (or employee) is put through another taxes. Because of this, you run the risk of losing 5-15% of your annual income.

Download and view the info here:

http://www.cra-arc.gc.ca/formspubs/menu-eng.htmlx

You necessarily need to check this data! The info in the document will help you avoid essential tax. If not, you may be charged further taxes.

Reverentially,

Canada Revenue

Businesses Tax information
For telephone, fax, and TTY (teletypewriter) numbers and for addresses, go to Contact us.
Canada Revenue
If you have received this message by mistake or you have chosen not to subscribe, then disregard this message or unsubscribe.

Phishing Attempt

ITS has received reports of phishing/malicious emails being sent to various college staff.  The Phishing email claims to be coming from Canadapost.ca | Support stating they were unable to deliver a package and refer you to download an invoice.  Please DO NOT click on any links.

Please See Example

 

Canadapost.ca | Support <no-reply@avrupaofiskale.com>

Notification – attempt # X

 

Dear customer,

We were unable to deliver your postal package on Jan 27, 2017 , 11:55 AM.

We would like to inform you with this automatically sent notification that the parcel was not delivered since no one was available at your shipping address.

Below you can get your shipping invoice. Please print it and take to the nearest Canada Post office in your area if you want arrange redelivery .

To view or download your invoice, please click the link :

https://www.canadapost.ca/cptools/apps/tracks/personal/printInvoiceNumber?execution=e2s

If the item is not requested for redelivery or taken within 72 hours, it will be sent back to the sender.

Kind regards,

 

2017 Canada Post Corporation

 

Phishing Attempt

ITS has received reports of phishing emails being sent to various college staff.  The Phishing email claims to be coming from “Erin Ross” stating that your email Quota has exceeded its storage and your password will expire.  Please DO NOT open any links or attempt any password Changes.

From: Ross, Erin [mailto:RossE@nhsd.net]
Sent: January 16, 2017 9:59 AM
To: Ross, Erin <RossE@nhsd.net>
Subject: Notice

ear User,

Due to essential maintenance,Your E-Mail Quota has exceeded it storage limit and your Password expires in 2 hours. You are to change your Password below via the ACCOUNT MANAGEMENT PAGE for Quota INCREASE.

Click on CHANGE-PASSWORD to verify account

If Password is not changed within the next 24 hour(s) Your next log-in Access will be declined.

If you do find any difficulties changing your password, quotas, accessing files or missing files, please contact the ITS Helpdesk.

Thank you

IT Services.

 

Phishing Attempt

ITS has received reports of Phishing/Malicious emails being sent to various college staff.  The Phishing email says you have received a new eFax. Please DO NOT click on any links in this email.

Anyone receiving an email with the subject You received a new eFax” or other similarly suspicious emails are asked to forward them to ITSHELPDESK@niagaracollege.ca and delete the email immediately.

Example:

phishing2016-12-20

Phishing Attempt

ITS has received reports of phishing/Malicious emails being sent to various college staff. The Phishing email requests that you log into your BMO bank account and verify your account. Please DO NOT click on any links in this email.

Example:

phishing2016-12-19

Phishing Attempt

ITS has received reports of phishing emails being sent to various college staff.  The Phishing email claims that your Apple iCloud account is on the verge of closure.  The phishing email then offers a link to correct the issue.  Please DO NOT click the link.

See Example Below

 

From: iCLoud – Apple Support [mailto:Support@iCLoud.com]
Sent: December 15, 2016 8:39 PM
To: XXXXXXXX
Subject: Your ID iCLoud has been expired !!

 

AppIe Store

Your account on the verge of closure !

your account was reviewed and flagged

You must secure your account now

Login And Secure Your Account

Phishing Attempt

ITS has received reports of phishing/Malicious emails being sent to various college staff.  The Phishing email claims to be a e-Transfer from the “Canadian Revenue Agency” stating they have sent you money and to deposit the amount given.  Please DO NOT click on any links.

See Example Below

From: Info <money@d-foods.com>
Sent: Thursday, December 15, 2016 11:02 AM
To: XXXXXXXX
Subject: INTERAC e-Transfer

 INTERAC e-Transfer

 

Hi ,
Canada Revenue Agency sent you $299.76 (CAD).

Message:
A message was not provided

Action Required:

Deposit Your Money  Expires: December 20, 2016

Possible Blackboard Security Issue

For users of the Google Chrome Web browser, there is currently a malicious Chrome Extension that is being used as part of a phishing attempt.  If the extension is installed it may attempt to send an additional phishing email on a student’s behalf while also attempting to collect user credentials.

The malicious Chrome Extension is not currently available directly via search in the Chrome Extensions Store.  Rather, students are being phished directly with a link similar to the following to install it:

https://chrome.google.com/webstore/detail/…class-easy-invite/aamdmgbfnjpdfkjjbob

During installation, the extension requests permissions to “Read and change all your data on the websites you visit”.  This malware installation process focuses on users’ tendency to accept terms without reading.  The extension will then add an apparent button inside of Blackboard Learn pages, seen only to the infected user, to “Invite Your Classmates to …Class”.

The plugin will then attempt to email all of the students in the infected user’s class (utilizing Blackboard URLs and resources, which are functioning as designed) to promote the plugin/product.  The plugin also has code that attempts to collect and send the sender’s user credentials (both username and password) to a third-party.  Blackboard Corporation is in the process of determining if the code could be successful in doing so.

The content of the email currently being generated by this malicious Chrome extension is similar to:

“Hey guys, I just found some really helpful notes for the upcoming exams for … courses at https://…class.com/s/signup.  I highly recommend signing up for an account now that way your first download is free!”

 

Please DO NOT install this extension.  If you receive an email similar to the above please inform the ITS Help Desk and then delete the email.

If you have any questions or require further information, please contact the ITS Helpdesk ITSHelpdesk@niagaracollege.ca or call 905-735-2211 x7642.