A phishing email is targeting the McGill community with the subject "RE: Final Reminder: Complete: [name] DocsOnline Docs Via E-Sign #63 - Mcgill Project-08(REVISED)." See an example of the message above.
In an effort to limit the impacts of unsolicited and fraudulent emails being sent in large numbers to the McGill community, McGill’s IT Infrastructure & Information Security has decided to limit the number of emails that can be sent from non-2FA (two-factor authentication) enabled email accounts.
A phishing email is targeting the McGill community with the subject "(Attention chair.psychiatry) | Re-authenticate 2 Factor Authentication (2Fa) | September 2023". See an example of the message above. The message contains a QR code and asks you to scan it with your phone camera:
"Dear User:
Your authenticator session has expired today. Kindly re-authentication with your mobile device to avoid being locked out of your email account.
Quickly scan the QR Code below with your smartphone camera to re-authenticated your password security.
A phishing email is targeting the McGill community with the subject "Mcgill Authentication For [name]@mcgill.ca Expires on [date]". See an example of the message above. The message contains a QR code and asks you to scan it with your phone camera:
"Message date: [date]
Promptly scan below QR code with your phone camera to release HELD messages
[fraudulent QR code]
Some messages failed to load and could'nt be delivered."
There is a phishing email targeting the McGill community with the subject "Completed: Complete with Via-Sign: #7 - 34499-07-# Monday July 2023". The message body contains a fraudulent link.
There is a phishing email targeting the McGill community with the subject "Microsoft De-Activation In Progress". See an example of the message above. The example we received says,
"Dear User,
This is the last time we will notify you that we'll stop processing incoming emails in your school account, and the reason is you failed to verify your Microsoft account which may lead to the permanent deletion of your account from our database in the next few hours.
Kindly take a minute to complete our email verification below
A targeted phishing email is currently circulating, asking you to click on a fraudulent link (see image).
Please DO NOT click any links or reply to the message. Delete this email immediately! It does NOT come from a McGill source.
A targeted phishing email is currently circulating, asking you to open an attachment that contains a fraudulent link. See an example of the message to the left.
Please DO NOT click any links or reply to the message. Delete this email immediately! It does NOT come from a McGill source.
The education network is currently facing a large wave of fraudulent emails with a Microsoft OneNote attachment containing Qakbot malware. The impact of an infection by this malware is high, so the IT Information Security department has taken the precaution to block emails containing these attachments when they originate from an external source (e.g. come from a non-McGill email address).
We recognize that there will be cases where people may need to receive legitimate OneNote files from external sources who do not have a McGill email address. As a workaround, we recommend you:
A targeted phishing email is currently circulating, asking you to open an attachment that contains a fraudulent link to a shared document. See an example of the message to the left.
Please DO NOT click any links or reply to the message. Delete this email immediately! It does NOT come from a McGill source.
A targeted phishing email is currently circulating, asking you to open an attachment that contains a fraudulent link to a shared document. See an example of the message to the left.
Please DO NOT click any links or reply to the message. Delete this email immediately! It does NOT come from a McGill source.
This message is sent on behalf of Ghilaine Roquet, Chief Information Officer and Associate Vice-Principal (Information Technology Services)
Please forward this memo to all employees who deal with financial information in your unit.
IMPORTANT: Phishing fraud targets McGill users with access to financial data, via email and Skype instant messaging
Phishing messages typically get 5-10% response rates, but a new system has boosted its rate to 40%. John Seymour and Phil Tully, two data scientists from the security company ZeroFOX, presented their system SNAP_R at Black Hat, a Las Vegas conference on cyber-security, on August 4. SNAP_R uses a deep neural net to study a person's past tweets and then mimics that person's writing style using a Markov model, generating a phishing tweet. So far, there is no reason to think that criminals are using a similar system, but Seymour and Tully's work show how it might be done.
McGill is looking into a recent phishing attack that targeted the McGill community. Phishing is an attempt to acquire an individual’s personal information by masquerading as a legitimate or trustworthy entity. In this most recent case, an email sent to McGill staff and students starting July 11 directed users to a website that looked very much like the Minerva website and asked them to supply their McGill username and McGill password and/or their McGill ID and PIN.