McGill is looking into a recent phishing attack that targeted the McGill community. Phishing is an attempt to acquire an individual’s personal information by masquerading as a legitimate or trustworthy entity. In this most recent case, an email sent to McGill staff and students starting July 11 directed users to a website that looked very much like the Minerva website and asked them to supply their McGill username and McGill password and/or their McGill ID and PIN.
McGill estimates that 36 Minerva accounts were accessed by a third party using information obtained through this phishing attack. In 14 of these cases, users’ bank deposit information was changed. Upon discovery, Information Security Office disabled access to all 36 affected user accounts and Human Resources are in the process of notifying all individuals affected. We continue to monitor the situation and have contacted the Montreal police.
Because McGill – just like other universities or large organizations – is targeted regularly by phishing attacks, we want to take this opportunity to remind you to be vigilant. We invite you to read the tips provided on our website at http://kb.mcgill.ca/it/phishing to learn how to identify a phishing attack and how you can protect yourself and your personal information. It is also a good idea to periodically review your records to check the accuracy of the information they contain.
If you suspect that you have been a victim of this or a similar attack, please contact the IT Service Desk at ITsupport [at] mcgill.ca or 514-398-3398.
For further reading on identity theft or identify fraud, visit the RCMP website at http://www.rcmp-grc.gc.ca/scams-fraudes/id-theft-vol-eng.htm