There is a phishing email targeting the McGill community, from "xxxxx [at] aesd.net" with the subject "McGILL University is presently transiting from office365 to outlook web application (OWA). Kindly click the link below for update from our transition department about your mailbox.".
The email asks the recipient to click on a fraudulent link "#####". See an example of the message to the left.
There is a phishing email targeting the McGill community, from "xxxxx [at] monroe.k12.mi.us" with the subject "RE: Multi-Factor Authentication (MFA) Information!". The email asks the recipient to click on a fraudulent link "MFAI". See an example of the message to the left.
There is a phishing email targeting the McGill community from "mcgill.ca-Xerox-03 <xxx [at] nucleus.com>". The message appears to be coming from a McGill Xerox scanner and includes a clickable link to view a fax. See an example of the message to the left.
There is a phishing email targeting the McGill community, from "xxxxx [at] est.ups.edu.ec" with the subject "FW: Raw Materials". The email asks the recipient to click on a fraudulent link "Check New".
There is a phishing email targeting the McGill community, from "chieffexecutivemanager [at] gmail.com" with the subject "Busy". The example we received says, "Are you free to handle a task now?
You may receive an email that looks like it comes from one of your coworkers, saying something like: "Can you do me a favor?"
If you reply, the next email asks you to purchase a gift card on their behalf. The message may say they need the card immediately, but they are too busy to do it, and they will pay you back as soon as possible.
These emails are not legitimate. They are being sent by malicious entities who are impersonating people in your contacts list to gain your trust and exploit you. These kinds of fraudulent emails, known as "phishing", attempt to gain your trust in order to access your personal and/or credit card information, or to get money (in the form of gift cards).
DO NOT click any links or reply to such messages. Delete these emails immediately!
Watch out for emails that claim they have stolen your password and hacked into your your computer to "watch" you and record your data. They typically threaten to send videos of you watching porn to your contacts unless you "pay up" by transferring bitcoin into an account. You can view an example below.
If you receive such an email, please...
And take the following actions:
There is currently a targeted phishing email circulating advising staff & employees to update their Discrimination & Sexual Harassment training, claiming that it is set to expire within the next 24 hours. See an example of the message to the left.
Please DO NOT click any links or reply to the message. Delete this email immediately! It does NOT come from a McGill source.
There is currently a fake McGill Facebook website circulating that is targeting international students:
Please DO NOT go to this website! It does NOT come from a McGill source.
BEWARE: At the start of the semester, there may be an increase of fraudulent links and phishing email that look like they are coming from McGill.
Cybercrime. It could never happen here, could it? Ah, but it does, and more often than we’d like. Join IT Services on August 11 for an online lunch hour session filled with stories of cybercrimes committed at McGill and elsewhere - both the heinous and the hilarious. The stories you will hear are true. Only the names will be changed to protect the innocent. Pick up some handy tips for staying safe online and help prevent similar incidents from happening to you.
Tuesday, August 11, 2020 12:15 PM – 1:00 PM
There is currently a targeted phishing email circulating asking you to click on a fraudulent link to information about "Personal Giveaway". See an example of the message to the left.
Please DO NOT click any links or reply to the message. Delete this email immediately! It does NOT come from a McGill source.
Two-Factor Authentication (2FA) was successfully implemented on the Virtual Private Network (VPN) as planned on May 5, 2020. Of those who were using the VPN prior to May 5th, 84% of staff and 47% of students and/or affiliates have enabled 2FA and now connect with greater security.
There is currently a targeted phishing email circulating asking you to click on a fraudulent link to view your document. See an example of the message to the left.
Please DO NOT click any links or reply to the message. Delete this email immediately! It does NOT come from a McGill source.
There is currently a targeted phishing email circulating asking all staff & employees to verify their email account for an April benefit payment via an included link. See an example of the message to the left.
Please DO NOT click any links or reply to the message. Delete this email immediately! It does NOT come from a McGill source.
UPDATE (April 2, 2020): The security vulnerability affecting Zoom has been resolved.
ORIGINAL MESSAGE (posted April 1, 2020): A security vulnerability has recently been discovered in Zoom when used on Windows computers. This vulnerability may allow cyber attackers to steal Windows account names and encrypted passwords if a user clicks on a malicious link within a Zoom chat while interacting with the cyber attacker.
