Before reporting a suspicious email to phishreport@ufv.ca, please check to see if we've already posted an announcement about it here. If so, then you may simply delete the email.
Office of the Chief Information Officer
Before reporting a suspicious email to phishreport@ufv.ca, please check to see if we've already posted an announcement about it here. If so, then you may simply delete the email.
There has been an increase of malicious actors using the COVID-19 pandemic in phishing campaigns and malware scams. The emails are written to trick you into opening an attachment or providing login credentials. In current circumstances, there have been attempts to impersonate various health agencies.
The Canadian Centre for Cybersecurity lists ways that you can protect yourself from this type of scam:
Against Malicious Emails:
Against Malicious Attachments:
Against Malicious Websites:
UFV Employees have been targeted by email phishing attempts recently. These attempts are to gain access to networks through malicious email.
What do I need to do?
Be extra vigilant when opening email. Watch for suspicious or unexpected email with subject lines that may be similar to:
If you receive a suspicious email, do not respond to it and do not click on any links or downloads in the message.
Email subject lines can be changed frequently to escape detection. If you’re suspicious of an email, do not open and please forward it to phishreport@ufv.ca where ITS will determine if it is malicious.
Still need more info?
If you have any questions, please contact the IT Service Desk or call us at 604-864-4610.
Please be aware that in response to the rapidly rising number of cyber-security threats in our sector and globally, UFV is strengthening our cyber-security protocols and measures. Please watch for announcements and subsequent launches of further cyber-security systems in the weeks ahead.
Beware of emails which attach an Invoice or delivery notice. There has been an increase in these types of scams, especially for employees.
Remember to check the sending address and signature of the email. In recent cases, the sending address and email signature do not match.
Be especially wary if the email says the document is password protected. This is more than likely an indicator that the email is a scam.
If you have any questions, please email cybersecurity@ufv.ca, or forward suspicious emails to phishreport@ufv.ca.
What do I need to know?
A cyber scam is currently circulating from what appears to be the Canada Revenue Agency. This particular scam seems to be targeting students, faculty and staff at universities across the country via email. It advises of a tax credit owing to you and requests your response in order to provide your refund. Given we are in tax season, we can expect to see more of this type of cyber scam in the coming weeks and months.
What do I need to do?
Do not reply to or follow links in questionable emails. And please advise IT Services of any suspicious communications you receive. You can forward suspicious emails to phishreport@ufv.ca.
Still need more info?
If you are concerned that you may have shared your personal information (e.g. social insurance number of credit card number) with a scammer, the CRA advises you to contact police. For more information, see the Canadian government website at canada.ca.
To report a scam, visit the government’s website at antifraudcentre.ca or call 1-888-495-8501.
If you think you may be the victim of fraud or you unknowingly provided personal or financial information, contact your local police service, financial institution, and credit reporting agencies.
Beware of this common scam: you are asked or told to buy gift cards to pay imposters posing as a colleague, a loved one, or even government agencies.
How does it happen?
The scammer will often tell you to go buy a popular gift card (such as iTunes, Google Play, or Amazon) at a store near you. They may advise you not to talk to the store employees or answer any questions you are asked about your purchase. Once you buy the card(s), the scammer will ask for the gift card number and PIN on the back of the card. Those numbers let them immediately get the money loaded onto the card.
Once they have this money, they disappear.
Why gift cards?
Like lost cash, there is a good chance you will never get your money back. These scams offer anonymity, they don't require you to hand the card to the scammer in person.
More Details
CBC - How this tech worker was duped by a gift card scam
FTC - Scammers increasingly demand payment by gift card
If you have any questions about this information, please contact cybersecurity@ufv.ca
Several universities and institutions of higher education in BC have being targeted by malware/ransomware attacks recently. These attacks are directed at Windows devices and gain access to networks through malicious email.
What do I need to do?
Be extra vigilant when opening email. Watch for suspicious or unexpected email with subject lines that may be similar to:
If you receive a suspicious email, do not respond to it and do not click on any links or downloads in the message.
Email subject lines can be changed frequently to escape detection. If you’re suspicious of an email, do not open and please forward it to phishreport@ufv.ca where ITS will determine if it is malicious.
Still need more info?
If you have any questions, please contact the IT Service Desk or call us at 604-864-4610.
Please be aware that in response to the rapidly rising number of cyber-security threats in our sector and globally, UFV is strengthening our cyber-security protocols and measures. Please watch for announcements and subsequent launches of further cyber-security systems in the weeks ahead.
What do I need to know?
UFV has recently had targeted email phishing attempts with the perpetrators pretending to be UFV Faculty or staff.
What do I need to do?
If you receive a suspicious email, do not respond. Contact the IT Service Desk immediately and forward a copy of the suspicious message to phishreport@ufv.ca for investigation.
Details:
Please be aware that recently, several UFV staff and faculty members have received targeted emails which looks like it is coming from another UFV contact, often a superior. The message will claim to be from a UFV employee, but closer inspection of the from email address reveals it is coming from gmail or another email server. For example: firstName.lastName.ufv.ca@gmail.com.
The email will typically ask if you are available to perform a quick task and that the sender is only available over email. Once the purpetrator has engaged in conversation, they will ask you to purchase game cards or gift cards and send them copies. They may use forceful language and ask for urgent reponse.
If you receive a suspicous message similar to this, do not respond. Instead, immediately report it to the IT Service desk and forward them a copy for investigation. If you are ever unsure of the authenticity of an email, it is good practice to confirm with the employee through another avenue. A phone call can very quickly clear up the situation. No UFV faculty or staff will ever make a request for you to send them game or gift cards.
Still need more info?
If you have any questions, please do not hesitate to contact the IT ServiceDesk by email (itservicedesk@ufv.ca) or call us at 604-864-4610
We subscribe to services that monitor when UFV email accounts are exposed as part of a data breach. These breaches can and do occur regularly. Lately, several UFV employee email addresses have been used to create third party accounts, and several of these accounts have been reported as exposed. Exposed information often contains names, email addresses and, in some cases, passwords or other confidential data.
If you have been exposed as part of a data breach, you will be contacted by our cybersecurity team with details and next steps.
As a best practice, please refrain from using your UFV email address for 3rd party accounts and applications.
There have been a number of recent email-based phishing attempts in which recipients are requested to provide their login credentials. While many of these campaigns look obviously suspicious, some have been very carefully crafted so as to appear to be genuine.
Please be advised that IT Services will never request users to divulge their login information via email. If you are the recipient of such an email request, please ignore it and delete it. If you suspect that you may have been a victim of such a phishing attempt, you should change your password immediately.
Ensure your accounts are secured with a strong password — at least 10 characters that include a combination of uppercase, lowercase, numeric and special characters. Be sure to use a different password for each online account. If one password is compromised, your other accounts are still protected. Keep your passwords to yourself, treat them like the keys to your home.