After our security updates, here's the advice from IT regarding the phishing emails which were the catalyst for said updates:

IT Communication Bulletin #16072021-1 – SECURITY ALERT – Phishing Email Cyber-Security Awareness

This bulletin contains important cyber-security alert information.

Please be advised that malicious emails may have been received in your company mailboxes at a higher-than-normal volume.

These emails were primarily sent from external email addresses. Some emails may have also been sent from (or appears to be sent from) staff and student mailboxes.

Some phishing emails may be masquerading as fax notifications, mailbox alerts, job offers, or even contain spoofed email warning header alerts.

Please note that the emails are illegitimate and all information inside them should be disregarded.

Examples of malicious emails:

1. Spoof Fax Notifications

2. Spoof Job Offers

3. False alerts

4. Spoofed Email Warning Header Alert

Take the following actions:

Receiving Malicious Emails

· Immediately delete emails you suspect to be malicious from your mailbox and do not click on any links inside such emails

· Ensure that the email originates from a legitimate sender. On the top of the email, ensure that the sender’s display name and email address is correct.

Example of a masked email from an illegitimate sender:

· Watch for legitimate email warning headers on Outlook to help you determine if emails that are sent to you are legitimate.

Example of a legitimate email warning header:

Securing Sensitive Data

· Always lock your computer when away (Tip: Quickly lock your Windows computer by pressing Windows key and L)

· If you are requested by any senior staff members to do anything out of the ordinary, always confirm with the requester directly. Examples include requests such as directly sending a sensitive file to an external email address, purchase gift cards, and providing passwords to your accounts.

· Never send your login information or password via any medium if requested by anyone, whether someone purported to be from inside the company or externally, or on any websites/online forms. Never provide your password to someone claiming to be your supervisor/manager or an individual from the Information Technology department. Your passwords are for your eyes only.

Cyber-Security General Awareness

· Report all potential malicious activities to IT and/or your instructor

· Grow your cyber-security awareness to help you stay safe in the cyber world, whether at home or at work. See the following resources:

Microsoft’s “Protect Yourself from Phishing” Guide

Government of Canada’s Canadian Centre for Cyber Security Interactive Content