In today’s digital world, data has become one of the most sought-after commodities. Cybercriminals aren’t necessarily looking for a single “perfect” victim; they’re looking for easy opportunities. And at a large institution like UBC, where thousands of accounts connect to valuable research, personal, and administrative data, even one compromised account can open the door to much bigger problems.
If you’ve ever thought, “My account isn’t that important,” it’s time to think again. Your UBC credentials hold far more power than you realize, not just for the data they contain, but for the access they provide.
Your Account Unlocks Sensitive Data
Attackers target information that can either be sold quickly or used in long-term scams. At a university, this can include:
- Personal Identifying Information (PII): Basic details such as names, birthdates, and phone numbers can be used to impersonate individuals, apply for loans or credit cards, file false tax returns, or flood inboxes with spam.
- Financial and Payment Information: Anything from banking details to billing accounts and credit card numbers can be misused for fraudulent purchases or transfers, often within minutes of being stolen.
- Education and Health Information: Records such as transcripts or medical documentation can be exploited for blackmail, extortion, or fraudulent insurance claims. Even seemingly harmless data can become valuable in the wrong hands.
When taken together, these pieces of information can build a complete profile of a person—something cybercriminals can leverage in many harmful ways.
Your Email Account: The Digital “Master Key”
Your UBC email isn’t just a communication tool; it’s often the central hub of your digital identity. If an attacker gains access to your inbox, they can quickly take control of your digital life.
- Access to Everything: Your email may contain years of correspondence, attachments, and links to accounts ranging from financial services to research tools.
- Password Reset Abuse: Once inside, attackers can trigger “forgot password” links across dozens of websites, using your inbox to reset credentials and lock you out.
- Impersonation and Internal Phishing: A compromised university email can be used to trick colleagues, spread phishing messages, or initiate fraudulent requests such as fake invoice payments—a tactic known as Business Email Compromise (BEC).
- Intellectual Property Theft: Attackers may quietly monitor inboxes to steal research data or gain insight into internal university operations.
In short, your email account can serve as a digital “Pandora’s box.” Once opened, it can expose far more than you might expect.
Administrative and Forgotten Accounts Are Prime Targets
Not all accounts are equal in the eyes of an attacker. Some offer a higher level of access—and therefore a higher reward.
- Privileged Access: Accounts with administrative permissions (such as IT, HR, or senior management) can unlock large parts of the network. Attackers specifically look for administrator credentials, including global domain accounts, because they offer control over entire systems.
- Forgotten Accounts: Accounts belonging to former employees can create hidden vulnerabilities. If they aren’t promptly disabled or updated, attackers can use them as backdoors into university systems, sometimes without being noticed for months.
Keeping these accounts properly managed and reviewed is essential to protecting the wider university network.
Why This Matters at UBC
A single compromised account can have a ripple effect—draining resources, disrupting operations, and putting sensitive information at risk. Research data, financial records, and personal information all depend on secure digital identities to remain protected.
The encouraging news is that most breaches are preventable. Security doesn’t require perfection—it requires awareness and good habits. Every proactive step you take moves you from being an “easy target” to being "not worth the effort".
Simple Ways to Protect Your UBC Account
- Phishing is persistent — but awareness and small daily habits drastically reduce risk. Stay Alert. Treat unexpected messages, especially related to HR or payroll, with caution. Watch for indicators like the “CAUTION: Non-UBC Email” banner.
- Verify Before You Click: If something seems off: Don’t click the link — go to the site directly. Contact the sender through a trusted method (phone, Teams). If someone is “too busy to talk,” that’s a red flag.
- Strengthen Your Authentication: Use strong passwords or passphrases. Enable MFA everywhere. If you get an unexpected MFA prompt (e.g., Duo push), deny it, flag it as fraudulent, and change your password immediately
- Report It: Reporting suspicious messages helps identify campaigns quickly and protects others in the community. Forward phishing attempts as an attachment to security@ubc.ca.
- Keep Learning: Privacy and cybersecurity are moving targets. Training — including short monthly refreshers through the Privacy Matters Champions Network — helps everyone stay ahead of evolving tactics.
Your digital identity is a powerful key within UBC’s connected environment. By keeping your credentials strong, enabling MFA, and staying alert to suspicious messages, you help safeguard not only your own information but the entire university community.