Beware of a recent phishing scam that is circulating: It appears to be sent from a McGill user’s account with the subject "[name of McGill user] is inviting you to collaborate on [McGill username]". The email asks the recipient to click “Open” on a fraudulent link.
If you receive this or a similar message, please DO NOT click on the link or reply to the message. If you receive content from people you do not know or from whom you do not expect to receive messages, delete the email immediately.
There’s nothing fun about getting hacked, so IT Services is offering you ways to have fun learning to protect yourself. Our IT Security Awareness training has been loaded with three new games to challenge your cyber-skills, and ten new episodes of our cybersecurity sitcom to keep you laughing through the summer.
Beware of a recent phishing scam that is circulating from the U.S. Agency for International Development (USAID) with the subject "Constant Contact". The email asks the recipient to click on fraudulent links which then downloads a malicious file to your device.
There is a phishing email targeting the McGill community from J.D. xxxx, Prof. asking you to migrate to the New 2021 Microsoft Outlook Web Portal. See an example of the message to the left. The example we received says,
-----------
"All Staff are expected to migrate to the New 2021 Microsoft Outlook Web Portal to enable access to the below, click here [fraudulent link] to migrate immediately.
There is a phishing email targeting the McGill community with the subject "Login Attempt". See an example of the message to the left. The example we received says,
"Dear user,
We recently encountered an unauthorized attempt to sign in to your email account. It is recommended that you validate your email account to keep it safe.
We apologize for any inconvenience and appreciate your understanding.
Please help us keep your account safe.
Best regards,
Center for information and media services
McGill University"
There is a phishing email targeting the McGill community, from "xxxxx [at] aesd.net" with the subject "McGILL University is presently transiting from office365 to outlook web application (OWA). Kindly click the link below for update from our transition department about your mailbox.".
The email asks the recipient to click on a fraudulent link "#####". See an example of the message to the left.
There is a phishing email targeting the McGill community, from "xxxxx [at] monroe.k12.mi.us" with the subject "RE: Multi-Factor Authentication (MFA) Information!". The email asks the recipient to click on a fraudulent link "MFAI". See an example of the message to the left.
There is a phishing email targeting the McGill community from "mcgill.ca-Xerox-03 <xxx [at] nucleus.com>". The message appears to be coming from a McGill Xerox scanner and includes a clickable link to view a fax. See an example of the message to the left.
There is a phishing email targeting the McGill community, from "xxxxx [at] est.ups.edu.ec" with the subject "FW: Raw Materials". The email asks the recipient to click on a fraudulent link "Check New".
There is a phishing email targeting the McGill community, from "chieffexecutivemanager [at] gmail.com" with the subject "Busy". The example we received says, "Are you free to handle a task now?
You may receive an email that looks like it comes from one of your coworkers, saying something like: "Can you do me a favor?"
If you reply, the next email asks you to purchase a gift card on their behalf. The message may say they need the card immediately, but they are too busy to do it, and they will pay you back as soon as possible.
These emails are not legitimate. They are being sent by malicious entities who are impersonating people in your contacts list to gain your trust and exploit you. These kinds of fraudulent emails, known as "phishing", attempt to gain your trust in order to access your personal and/or credit card information, or to get money (in the form of gift cards).
DO NOT click any links or reply to such messages. Delete these emails immediately!
Watch out for emails that claim they have stolen your password and hacked into your your computer to "watch" you and record your data. They typically threaten to send videos of you watching porn to your contacts unless you "pay up" by transferring bitcoin into an account. You can view an example below.
If you receive such an email, please...
And take the following actions:
There is currently a targeted phishing email circulating advising staff & employees to update their Discrimination & Sexual Harassment training, claiming that it is set to expire within the next 24 hours. See an example of the message to the left.
Please DO NOT click any links or reply to the message. Delete this email immediately! It does NOT come from a McGill source.
There is currently a fake McGill Facebook website circulating that is targeting international students:
Please DO NOT go to this website! It does NOT come from a McGill source.
BEWARE: At the start of the semester, there may be an increase of fraudulent links and phishing email that look like they are coming from McGill.
Cybercrime. It could never happen here, could it? Ah, but it does, and more often than we’d like. Join IT Services on August 11 for an online lunch hour session filled with stories of cybercrimes committed at McGill and elsewhere - both the heinous and the hilarious. The stories you will hear are true. Only the names will be changed to protect the innocent. Pick up some handy tips for staying safe online and help prevent similar incidents from happening to you.
Tuesday, August 11, 2020 12:15 PM – 1:00 PM
