Over the past year, the University has been the victim of online security attacks.
“We’ve seen trends in the types of attacks that happen on campus,” says Kevin Macnaughton, team leader security in IT Services. “We hope that revealing some of these to the campus will go a long way in helping staff avoid these common scams.”
Phishing
- Gift Card Scam: the attacker sends an e-mail to the victim that looks like it comes from their boss. In the email, the victim is asked to buy some gift cards and reply to the email with the activation codes.
- Scareware attack: the attacker sends an email claiming that they have access to your computer and have observed you surfing pornography. They threaten to expose you unless you pay them, typically using a digital cryptocurrency like Bitcoin.
- JOB ALERT scam: This is an information-gathering scam, where the sender hopes that you will provide useful information, such as your full name, location and cellphone number.
Ransomware
The attackers have installed malicious software on your computer that prevents access to the data on the hard drive and network shares. Once they’ve locked you out of the files, they display a notice on the screen asking for a cash payment in order to give you the key to access the files.
Account Compromise
The attacker learns the username and password to an account. Once they log in, they can abuse the account to send spam, conduct a phishing campaign, or try to access resources and steal confidential data. Over the past year, the University has suffered 64 compromised staff accounts, and have learned of more than 3,500 uwindsor.ca accounts exposed on the Internet.
Loss of Computer Equipment
Information, especially personal information, is very valuable. Attackers will steal computer equipment not just for their resale value, but also for the information they may contain.
Led by IT Services, Cybersecurity Awareness Month efforts will bring awareness to the above topics. More information, along with how you can protect yourself, is available at uwindsor.ca/cybersecurity, which will be updated regularly with best practices and current threats.