This October, in recognition of Cyber Security Awareness Month, the IT&S Help Desk team at MSVU has been sharing information and resources on how to stay secure online.
Cybersecurity Awareness Month is an international campaign held every October to increase awareness and prevention knowledge regarding cybersecurity and cybercrime. Though Cybersecurity Month is soon coming to an end, it doesn’t mean that we should stop learning about the importance of keeping our personal and work-related data protected in this fast-paced digital world.
Learn more on how to spot the red flags of three common cybersecurity scams below.
Phishing scams
Phishing is when a criminal uses emails, SMS text messages (see Smishing below), web forms, and viruses to trick you into revealing your password or other personal information, or installing a virus. These criminals may be trying to commit fraud, extortion, data theft, or computer hacking to access your personal information.
10 phishing email red flags
- Poorly written: Spelling, grammatical, or capitalization errors
- Unfamiliar email address
- Threatening, urgent, with time limits or deadlines
- Contain links to websites with unfamiliar or strange URLs (web addresses)
- Asks for personal information
- Asks you to confirm or validate your account
- May have attachments
- Was not initiated by you
- Too good to be true
- Just doesn’t look right
See more phishing email examples.
Smishing/messaging attacks
Smishing is a type of phishing attack done over mobile text messaging. When a scammer sends phishing texts, it’s called “smishing” for “SMS phishing.” Smishing can be carried out through SMS and non-SMS channels, such as direct messaging apps. Smishing texts can have the same red flags as phishing emails.
Five smishing/messaging attack red flags
- The message has a huge sense of urgency as if someone is trying to rush you into taking action
- The message asks for personal information, passwords or other information that they should not have
- A text that sounds too good to be true
- Text appears like it is coming from someone you know but the wording does not sound like them. Their account may have been hacked and taken over by an attacker pretending to be them to try and trick you into taking action.
- A message gives you a strong reaction. If so, take a moment to calm down and think things through before you respond.
Important Note: According to the IT&S Team Help Desk team there is currently a smishing scam happening on campus. Scammers have recently been texting students pretending to be IT&S asking for their multifactor authentication (MFA) codes, which, along with a phished password, enables scammers to log into their accounts. Remember that IT&S will never text you asking for your MFA codes as they are for your eyes only!
Whaling email scams
Whaling is another form of phishing that exploits our trust in and respect for authority figures. It is also known as CEO fraud, where someone pretends to be a manager, CEO, or other authority figure.
Six whaling email red flags
- A “{Spam?}” warning tag in the subject line
- The sender email address is not from @msvu.ca and doesn’t match the sender’s name
- A warning that says “This message was marked as spam using a junk filter other than the Outlook Junk E-Mail filter”
- An imposter warning that this message is not really from who it appears to be from (See image below)
- They request you to do something quickly
- They ask you to buy gift cards and then email them back the serial numbers
Remember, technology can only do so much; being aware of cybersecurity threats, practicing proper Digital Hygiene and cybersafety, and knowing how to spot these scams is the best prevention. We all share the responsibility of creating a safe and secure IT environment.
Get more cybersecurity tips on the cybersafety page.
MSVU students, faculty and staff can also take a FREE Cybersecurity Awareness Training Course.
Finally, if you have any questions, contact the IT&S Help Desk at heldesk@msvu.ca or call 902-457-6538.