As the new year and term begins, I am writing with an important reminder for the College community regarding “Spear Phishing” emails. These are messages that appear to be from an individual or organization that you may know, but they are actually from hackers attempting to illegally obtain personal information such as credit card numbers, financial information, passwords or other information.
We’re grateful for the assistance of students and staff who have exercised caution and helped to identify these emails over the fall term. However, the instances of these emails remains high, and we must continue to be vigilant in protecting our systems from fraudulent attempts to access information.
Most of us at the College have access to confidential and private information that the students and employees have entrusted to the College. While the College, through its administrative systems and processes, controls access to this data, you are granted access to information you require to carry out your duties via your College computer credentials (username and password). All of us share a responsibility to keep our passwords secure and confidential.
We continue to see nefarious attempts to obtain access to your credentials via emails that ask you to click on a web link and provide your username and password. Clicking on these links can also trigger unauthorized activity that can reconfigure your computer to now send all of your keyboard activity or web activity to a non-authorized off campus third party. This is referred to as “malware” or “viruses”.
Phishing is not limited to our College. There have been issues at other organizations and postsecondary institutions regarding ransomware – where files on a server or computer are encrypted and a “ransom” needs to be paid before the files can be accessed. One example is the University of Calgary. There was also a recent issue at St. Catharines Hydro that is being investigated as phishing.
As a reminder: Niagara College’s ITS department or other Niagara College staff will NEVER send unsolicited requests for your College username, passwords or other personal information via email or text. Messages requesting such information are always fraudulent and should be deleted. These messages are always spear phishing attempts to obtain unauthorized access to your account. Some of these emails can look very convincing and sometimes they look like they come from the ITS Help Desk, other College colleagues and sometimes senior management. As mentioned before, they are always fraudulent.
While the best way to deal with these is to simply delete the email, if you would still like to notify someone, please forward it only to the ITS Help Desk (ITSHelpDesk@niagaracollege.ca). They will block further activity to the linked website so others at the College cannot accidentally access this site. Note, if you are using a home computer reading email, any website blocks put in place at the College will not work for you so extra care is needed. I also wanted to thank the many individuals that have taken the time to send these on to the ITS Help Desk so that we can alert and protect others.
The ITS Help Desk will continue to be posting these fraudulent emails on the ITS web site (its.niagaracollege.ca) as well as sending a ITS Alert via campus notice each time we are aware of a phishing attempt at the College. The ITS web site also contains other security and IT related information.
If you have any questions regarding this notice or any other computing questions, please contact the ITS Help Desk at ITSHelpDesk@niagaracollege.ca. As always, please practice safe computing – when in doubt ask before you click.
Chief Information Officer
Information Technology Services