We are seeing an increase in phishing and fraudulent emails at UBC. These campaigns are very sophisticated with the end goal likely to enable ransomware attacks.
We all must work diligently to keep ourselves, and the information we work with, secure.
UBC is a High-Value Target
If a UBC email account has previously been breached, attackers can successfully insert themselves into the middle of an actual email conversation to convince you that they work for UBC. Users are often asked to download files and encouraged to open links. When clicked, a website appears asking the user to download an application that would ultimately allow remote control of their computer, very likely with a ransomware file.
Any such attempt should not be acted upon and must be immediately reported to the UBC Cybersecurity team at security@ubc.ca.
Keep These Reminders Handy and Share Them with Your Team
- Watch for the [CAUTION: Non-UBC Email] banner at the top of emails; an email from a UBC colleague will never have the External Email banner applied.
- Read emails carefully; is the email in the context of the conversation? Is it written in the same style that you would expect from the sender? Are there typos or misspellings that seem odd?
- Don’t open attachments or click on links that you aren’t expecting, ESPECIALLY if they require a password to open
- If in doubt, always forward the email as an attachment to security@ubc.ca and the team can verify the safety of the email before you open it. This will cause you minimal delay and the team are happy to do this
- If you think you have clicked on a potentially malicious link then contact security@ubc.ca immediately and reset your CWL password