This message is sent on behalf of Ghilaine Roquet, Chief Information Officer and Associate Vice-Principal (Information Technology Services)
Please forward this memo to all employees who deal with financial information in your unit.
IMPORTANT: Phishing fraud targets McGill users with access to financial data, via email and Skype instant messaging
This is a very important warning for our McGill finance teams and all McGill users who have access to financial data: McGill’s IT Security team is currently investigating several cases of compromised accounts through phishing. Phishing is the practice of masquerading as a legitimate/trusted organization or institution in order to acquire sensitive information such as usernames, passwords and credit card details.
These latest cases have attempted to lure McGill employees with access to financial data to process payments or disclose financial information. The hackers are now leveraging these stolen credentials to connect through Skype for Business and are using instant messaging as a means to trap users.
IT Services urges all employees working with access to financial data to be on the lookout for suspicious requests, and proceed with caution if requested to disclose or process personal or financial information via electronic communication channels including email or instant messaging (e.g., Skype for Business).
Watch out for:
A sense of urgency, advising the recipient to act quickly
Emails from financial institutions or clients using generic identities such as “the bank” or “client”
Requests for confidential information – note that McGill will never request credentials through email
Instructions from high-ranking McGill members to divert funds from financial offices
Links to websites that are not at xxxx.mcgill.ca (or other known systems) – note that you can hover your mouse cursor over a link to view its true address
Please report any suspicious requests to the IT Service Desk at ITsupport [at] mcgill.ca.
Help spread this warning throughout your unit to arm them with this knowledge. Anyone can be the recipient of a phishing email/text, but you are only a victim if you take the bait.
Thank you for your attention to this serious and dangerous threat.
[Message sent out over the FIS listserv]