Tips for Students
Tips for Students
What does cybercrime have to do with you as a UBC student?
Cyber-attacks against individuals are more prevalent than ever before
Cybercrime is any illegal activity that involves the use of a computer or the internet. Examples include hacking, identity theft, the distribution of malware, and online fraud.
It is a real and dangerous global threat on the rise due to increased technological use. As an institution, UBC is a high-value target that is under constant attack by cybercriminals.
Cyber-attacks against individuals are more prevalent than ever before. Some students have been scammed out of thousands of dollars, and others have had their identities stolen. You may have already fallen victim to an attack without even knowing it!
Understand how to keep yourself safe online, and what to do if you suspect you've been a victim of cybercrime.
Don't Get Hooked
The most common form of cybercrime is a phishing attack. A criminal will try to steal your personal information including passwords, account numbers, Social Insurance Number, and more through an email, text message, or voice message. If successful, a criminal can gain access to your email, bank, or other accounts. They may even sell your information online.
Identifying a Phishing Message - Claiming to be from UBC
Criminals may also send you targeted messages—often referred to as spear phishing—that are crafted to appear as if they originated from a UBC faculty or staff member. Cybercriminals send these personalized emails to one person or sometimes a few people who share a connection of some sort.
While UBC faculty and staff do communicate with UBC students regarding part-time and full-time employment opportunities, cybercriminals are actively looking to exploit this interaction through fraudulent job postings and internship scams.
Many of these spear phishing scams can be difficult to detect and are especially dangerous because of the patience and detail that go into them. Criminals can pose as legitimate contacts and try to gain access to your bank account details or other personal information.
Here are some signs that a message is a scam, even if it looks like it comes from a person you know:
- The person communicating with you is not listed in the UBC Faculty and Administrative Directory.
- The email address from which you receive communications does not match the UBC Faculty and Administrative Directory.
- The person requests your bank account information to deposit large sums of money into your account.
- The person sends you cheques or money and asks you to buy gift cards in exchange.
- The person sends you a cheque then claims overpayment and asks for a refund of the overage.
- There is little or no interview process.
- There is no face-to-face (virtual or otherwise) communication.
- The hiring process is rushed or the person asks you to rush your response.
- The opportunity sounds too good to be true.
Not who they appear to be!
- Not a valid UBC email address
If you receive a message from what appears to be a valid UBC faculty or staff member that does not originate from their official UBC email address, do not reply to the email. Instead, report it to firstname.lastname@example.org immediately.
- Asking for personal information
If you receive a message from what appears to be a valid UBC faculty or staff member that requests for you to provide personal information such as your Social Insurance Number, Driver’s License, or banking information of any kind, do not reply to the email. Instead, report it to email@example.com immediately.
Identifying a Phishing Message - Claiming to be from a trusted company
Phishing messages often tell a story to trick you into clicking on a link or opening an attachment. You might get an unexpected email or text message that looks like it’s from a company you know or trust, such as your bank or credit card company, or an online shop.
Here are some signs that a message is a scam, even if it looks like it comes from a company you know:
- The message begins with a generic greeting, such as "trusted customer".
- The sender claims they’ve noticed some suspicious activity or log-in attempts on your account.
- The sender claims there’s a problem with your payment or financial information.
- The sender claims you need to confirm some personal information.
- The message claims your account is on hold or locked and instructs you to click on a link to unlock it.
- Instructions say to click on a link to make a payment.
- The message claims you are eligible for a government refund.
- The message offers a coupon or code for free items.
How to Protect Yourself
Take These Precautionary Steps
- Monitor ALL financial transactions carefully
- Get into the habit of regularly logging into your financial services (bank, credit card, PayPal, etc.) using your credentials. If you find that you cannot log in using your known credentials, then you should assume that the account is compromised and contact the fraud department of that service immediately.
- Enable Identity Alerts
- Ensure that all of your online services have the available maximum-security settings enabled.
Many services—including social media—offer extra security by requiring two or more credentials to log into your account, such as an additional one-time passcode sent to your phone. This is called multi-factor authentication. Multi-factor authentication makes it harder for criminals to log into your accounts even if they obtain your username and password.
- Set your social media profile to private so that it can be seen by your friends only
- Don’t publish your phone number on any of your social media profiles and limit the amount of personal information you post online, like your birthday, home address, elementary school name, or your pet’s name. Learn what to do if your social media has been compromised.
- Secure your WhatsApp conversations
- Don’t allow online shopping websites to “remember” your credit card or PayPal details.
- If the criminal can access your online shopping history, don’t make it easy for them to see what financial institutions you belong to.
- Don't use apps to sign into other apps, such as Facebook
- The fraudster would only need to log into one account to gain access to all connected apps.
- Protect your password(s)
- Don’t use the same passwords or usernames across multiple accounts. Always create a strong, unique password for your important accounts.
- Don’t click on links or attachments in suspicious emails or text messages.
- Remember that UBC, CRA, and financial institutions will never send you an email or call you on the phone and ask you to disclose personal information, such as your password, credit or debit card number, or your mother’s maiden name.
- Protect your devices
- Keep your operating system and software up to date. Weaknesses in systems and software that are not up-to-date are vulnerable. Always use anti-malware programs (antivirus) on your computer. Many are free or very inexpensive.
- Back up your data
- Computer hard drives can crash, computers and phones can be lost or stolen, food and drink can be spilled on laptops, and software viruses or malware can delete your files. Be sure to back up your data regularly. Test the backups every few months to check that you can recover your data.
- Protect your personal information
- Here is a helpful guide to follow to protect your personal information.
- Destroy and dispose of your physical mail properly.
- Never just recycle or throw away letters or financial information with any personal information on it without shredding or removing and destroying the personal information first. Did you know that Amazon Canada prints your full name, address, and phone number on all parcels? Ensure that this is removed and destroyed before the packaging goes into your recycling.
- Contact your cellphone provider and ensure that you have “Port Protection” enabled on your account.
- This will mean that a number cannot be “ported” before further verification with the account holder. This may delay legitimate account changes but will provide more security when your cellphone has been listed as your second factor of authentication. This can be done through your provider directly.
What to Do if You Suspect You Have Been the Victim of a Phishing Attack
If you become a victim of phishing, here are simple steps you can do to recover and secure your accounts and devices:
- Change affected passwords
- Change your compromised password right away. If it was your CWL, you can change your Campus-Wide Login (CWL) using CWL myAccount. Update all your accounts to use strong and unique passwords. Consider using passphrases made of four or more random words and 15 or more characters for extra security.
- Enable multi-factor authentication (MFA)
- Multi-factor authentication adds an extra layer of security to your accounts and devices. This makes it harder for cybercriminals to access your data, even if they steal your password.
- Call your financial institution
- If you share any financial information, like a credit card number, contact your bank. You can recover lost finances and prevent any further losses while monitoring your transactions.
- Consider deleting your inactive accounts
- If criminals gain access to your accounts, they can send phishing links to your contact list. Deleting or suspending your inactive accounts may prevent this.
- Check your device for viruses or other malware
- If there was a suspicious link or attachment in the email, install anti-malware software and scan your device for viruses that may have been downloaded.
- Report the incident
- Contact the RCMP’s non-emergency line:
- Vancouver - 604.224.1322
- Okanagan - 250-765-3549
- If you feel your identity was compromised contact the Canadian Anti-Fraud Centre: 1-888-495-8501