Educating computer users on the consequences of phishing is a challenge, especially since cybercriminals develop more sophisticated-looking emails and schemes every day. We’re all incredibly busy and bombarded with emails; even the most tech-savvy among us have fallen into their trap.Last week, IT Services phished all faculty and staff members of the McGill community. Yesterday, March 11, they did it again. Some people ask why is this necessary?
Periodically, IT Services will send out mock phishing emails to the McGill community as part of a proactive approach to increase awareness of the dangers of phishing. Users who click on a link in one of these emails will be redirected to a page informing them that they have participated in a phishing awareness exercise, and will be encouraged to learn how to identify and avoid falling victim to these types of scams.
Don’t want to wait and risk taking the bait? Sign up now for IT Services’ online Security Awareness training, or read more about spotting phishing scams:
With holidays fast approaching, cybercriminals are taking advantage of people's vacation planning, online shopping, and expected package deliveries. Millions of phishing scam emails are being sent out daily, spoofing trusted brands, retailers, postal services, banks, stores, and more. Many of these emails look legitimate, and it gets harder to tell what's a real email, and what's a scam.
There is currently a virus infecting computers via email attachments. In the latest fraud reported at McGill, the subject of the email is You have received a voice mail, and the attachment contains the virus.
If you receive any emails containing .ZIP file attachments, DO NOT open them.
Yesterday, a new security vulnerability, affecting Bash, was announced. The Bash shell, commonly accessed through Command Prompt or the Terminal application, is a part of many Linux, Unix, and Mac systems. Since it has been around for more than two decades, older devices are also vulnerable. If used maliciously, Bash allows an attacker to take over an operating system, access confidential information, make changes, etc..
McGill’s IT Services is devoting their full attention to addressing any potential threat this may cause to centrally-managed IT systems.
If you haven’t yet changed your McGill Password, it’s time to get to it.
In October, all faculty and staff members who did not change their password when prompted to earlier this year will have their McGill Password doubled.
The development of TrueCrypt ended in May after Microsoft terminated support of Windows XP. If you currently use TrueCrypt, you should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform. Please note that IT Services can only support TrueCrypt and other encryption tools on a best-efforts basis.
Back in April, you may have heard of the Heartbleed vulnerability and its potential impact on McGill. All of McGill’s central IT systems have been evaluated, and updates were applied where needed. Since it is always a good practice to periodically change passwords, we encourage you to reset your McGill Password at this time.
In April, we emailed you about the Heartbleed vulnerability and its potential impact on McGill. All of McGill’s central IT systems have been evaluated, and updates were applied where needed. As a final precaution, we strongly encourage you to change your McGill Password without delay.
If you are a McGill staff member, you are required to change your password.
Update: May 5, 2014
Last week Microsoft released a Windows update to address the security vulnerability in Internet Explorer. This update was remotely deployed to McGill's centrally-supported computers on Friday, May 2 via the Campus Windows Server Update System (WSUS). Note that Microsoft made the decision to also offer the update for Windows XP. You may be prompted to restart your computer.
Please be sure to run Windows Update on all computers that are not configured to automatically install updates from the WSUS, including your