Cyber Security Awareness at DCU

Phishing, Vishing, Smishing, Ransomware & Malvertising

As any type of fraud, phishing can be extremely damaging and has already claimed victims on campus. Use the tabs below to find out more about phishing - what it is and what risks it poses.

 Phishing

 

What is Phishing?

Phishing refers to different types of online scams that ‘phish’ for your personal and financial information such as:

  • Passwords.
  • PPS numbers.
  • Bank account information.
  • Credit card numbers.
  • Debit card numbers.
  • Any other personal information.
  • Usernames & Passwords.

 

These communications claim to come from a legitimate source: a well-known software company, online payment service, bank, or other reputable institution.

Some will use an organisation's email address, logo, and other trademarks to fake authenticity. Phishing messages may also appear to be from a trusted friend or colleague.

 
Phishing communications can come from a growing number of sources, including:
  • Email
  • Phone calls
  • Fraudulent software (e.g, anti-virus)
  • Social Media messages (e.g., Facebook, Twitter)
  • Advertisements
  • Text messages
 
How to report a Phishing email from your DCU a/c

It is possible to report a Phishing email from your DCU mail a/c, just follow the steps below:

  • Click on the drop-down burger menu, circled in red on the right of the page.
  • When the menu expands, click on the Report Phishing option.
  • This will automatically report the instance of Phishing to Google.

 

Click on image to enlargePlease click on image to enlarge

 
What is spear phishing?

More sophisticated attacks, known as spear phishing, are personalised messages from scammers posing as people or institutions that you trust.

They often collect identifiable information about you from social media or the compromised account of someone you know to make their messages more convincing.

Never transmit sensitive information over email or social media, even if the communication requesting information appears to be legitimate. 

 
Signs of phishing include:
  • UltimatumAn urgent warning attempts to intimidate you into responding without thinking. ‘Warning! You will lose your email permanently unless you respond within 7 days’.
  • Incorrect URLs: Scammers may obscure URLs by using hyperlinks that appear to go to a reputable site. Hover your mouse over any suspicious links to view the address of the link. Illegitimate links often contain a series of numbers or unfamiliar web addresses.
  • No signature or contact information: Additional contact information is not provided.
  • Too good to be true offer: Communications about contests you did not enter or offers for goods or services at an unbelievable price are likely fraudulent.
  • Style inconsistencies: Pop up windows that claim to be from your operating system or other software may have a different style or colors than authentic notifications. Communications that claim to be from a reputable organisation may be missing branding aspects such as a logo.
  • Spelling, punctuation, or grammar errorsSome messages will include mistakes. ‘Email owner that refuses to update his or her Email, within Seven days’
  • Attention-grabbing titles: "Clickbait" titles (e.g., "You won't believe this video!") on social media, advertisements or articles are sensationalist or attention-grabbing and sometimes lead to scams.
 
Please familiarise yourself with some of the telltale signs of Phishing

Click on image to enlargePlease click on image to enlarge

 
What are the Risks?

Don’t be fooled! These are fraudulent communications that in most cases have nothing to do with the institution they claim to be affiliated with.

Opening, replying, or clicking the links provided in these emails poses a serious security risk to you and the campus network.

Some of the risks involved are:

  • Identity theftOnce you provide your personal information in response to a phishing attempt, this information can be used to access your financial accounts, make purchases, or secure loans in your name.
  • Virus infectionsSome fraudulent emails include links or attachments that, once clicked, download malicious software to your computer. Others may also install keystroke loggers that record your computer activity.
  • Loss of personal data: Some phishing attacks will attempt to deploy crypto malware on your machine, malicious software that encrypts files on a victim’s computer and denies owners access to their files until they pay a ransom.
  • Compromising institutional information: If your university IT account is compromised, scammers may be able to access sensitive institutional information and research data.
  • Putting friends and family at riskIf your personal information is accessed, attackers will scan your accounts for personal information about your contacts and will in turn attempt to phish for their sensitive information. Phishers may also send emails and social media messages from your accounts in an attempt to gain information from your family, friends, and colleagues. 
 Vishing

 

What is Vishing?

Vishing (Voice Phishing), is the fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable organisations in order to induce individuals to reveal personal information, such as bank details, passwords, and credit card numbers.

As with other kinds of phishing, voice scams rely heavily on manipulation and social engineering to get victims to give up personal information. With Vishing, criminals typically pretend to be from an official source, such as a bank or government organisation.

Most Vishing attempts try to convince the victim to give up PIN numbers, PPS numbers, credit card security codes, passwords, or other personal details. That information will then be used for some type of identity fraud, or to later steal money directly from an account. In some cases, the Vishing scammer will attempt to gain access to personal or financial accounts (such as a bank account) in order to steal information or money.

 

Not all Vishing scammers target individuals

One common misconception about Vishing is that the attacks target average consumers. However, businesses are also commonly in the crosshairs. Scammers may target businesses not only to obtain private user information but also to potentially scam those businesses out of money and valuable data.

 

Types of Vishing

Common types of vishing you’re likely to run into involve:

  • Supposed fraud or suspicious activity on your bank account
  • Overdue or unpaid taxes to the Internal Revenue Service (IRS), HM Revenue and Customs (HMRC) or other tax agencies
  • Prize or contest winnings (such as a cruise or an “all expense paid” vacation)
  • Fake computer tech support calling to remotely access your PC to fix a problem
  • Faked government agencies (such as a court or law enforcement agency)

For businesses, Vishing scammers may be more likely to put real people on the line. The scammers may warn about fraudulent or suspicious bank transfers or pretend to represent some form of computer or IT support service. The goal is to gain access to financial account information or gain remote access to computers.

 
How to avoid vishing scams

Never give personal information over the phone.

Information Systems Services will never ask for your password over the phone.

Banks and government institutions should never ask for personal information over the phone.

That said, banks will call you if they believe fraud may be occurring on your account. However, they will typically only call to confirm your location and alert you to the event. They won’t ask for private information in a call you receive from them. Government institutions like the IRS almost exclusively communicate by mail or occasionally email to conduct official business.

If you are asked to give personal information, politely decline and end the call. If you are worried that you may have been a victim of an attempted Vish or would like some advice, please contact Information Systems Services.

 Smishing

 

Smishing (SMS Phishing)

Smishing is conducted via Short Message Service (SMS), a telephone-based text messaging service.

A Smishing text, for example, attempts to entice a victim into revealing personal information via a link that leads to a phishing website.

While some might recognise this as a scam, many unsuspecting users would not.

If you are worried that you may have been a victim of an attempted Smish or would like some advice, please contact Information Systems Services.

 Ransomware
 
What is Ransomware?

Ransomware is a Malware/Virus that stops you from using your PC. It holds your PC or files for ransom. Ransomware can make its way onto a system through a variety of means, with the victim ultimately downloading and installing a malicious application.

Once on the device, the malicious application will spread throughout the system and encrypt files on the hard drive or simply lock the system itself. In some cases, it may block access to the system by displaying images or a message across the device’s screen to persuade the user to pay the malware operator a ransom for the encryption key to unlock the files or system.

What does it look like and how does it work?

There are different types of ransomware, however  all of them will prevent you from using your PC normally, and they will all ask you to do something before you can use your PC.

They can:

  • Prevent you from accessing Windows.
  • Encrypt files so you can't use them.
  • Stop certain apps from running (like your web browser).

They will demand that you do something to get access to your PC or files.

  • Demand you pay money.
  • Make you complete surveys.
  • There is no guarantee that paying the fine or doing what the ransomware tells you will give access to your PC or files again.

Click on image to enlarge 

Please click on image to enlarge

There are three types of ransomware that are been reported:

  1. File Encryptor - Encrypts personal files/folders (e.g., the contents of your My Documents folder - documents, spreadsheets, pictures, videos).   Files are deleted once they are encrypted and generally there is a text file in the same folder as the now-inaccessible files with instructions for payment.   You may see a lock screen but not all variants show one.   Instead, you may only notice a problem when you attempt to open your files. 
  2. WinLocker - Locks the screen (presents a full-screen image that blocks all other windows) and demands payment. No personal files are encrypted. 
  3. MBR Ransomware -  The Master Boot Record (MBR) is a section of the computer’s hard drive that allows the operating system to boot up. MBR ransomware changes the computer’s MBR so the normal boot process is interrupted and a ransom demand is displayed on-screen instead.

Which operating systems are susceptible to this type of attack?

As with a lot of malware,  the majority of ransomware is targeted at the Microsoft Windows operating system.

Advice

  • Avoid opening any attachment emailed to you that you were not expecting or can not be verified from a known source.
  • Watch out for emails with attachments suggesting you must reply quickly or 'act fast' and hence, feel compelled to open the attachment quickly - without considering the source.
  • It’s essential to check the content of the messages you receive by email. As well as the content of emails, their attachments have become a very common method for propagating malware, which is one of the main means of infection by ransomware. For this reason, practices like checking the sendermessage, taking care of offers that sound just too tempting to resist, checking that it is really an email that has been sent, and not clicking on suspicious links are basic measures to take in order to avoid falling victim to tricks that might result in infection.
  • For the record, we are Information Systems Services (ISS) and any communication from us should be personally signed – if in doubt, look up the sender from the DCU phone directory: http://www.dcu.ie/info/staff.shtml

What to do if you think you may be infected

If you think that you may have been infected please contact Information Systems Services (ISS) immediately: iss.servicedesk.dcu.ie or call ISS on (01) 700 5007

 Malvertising

 

What is it?

 

Malvertising is the name the security industry give to criminally-controlled adverts which intentionally infect PCs. These can be any ad on any site – often ones which you use as part of your everyday Internet usage.

Whilst the technology being used in the background is very advanced, the way it presents to the person being infected is simple. To all intents and purposes, the advert looks the same as any other, but it has been placed by a criminal.

Without your knowledge a tiny piece of code hidden deep in the advert is making your computer go to criminal servers. These then catalogue details about your computer and its location, before choosing which piece of malware to send you. This doesn’t need a new browser window and you won’t know about it.

The first sign will often be when the malware is already installed and starts threatening money for menaces, logging your bank details or any number of despicable scams.

Malvertising infographic Image source: www.malwarebytes.comImage source: www.malwarebytes.com

 
How do they get there?

It’s common practice to outsource the advertising on websites to third-party specialists. These companies re-sell this space and provide software which allows people to upload their own adverts, bidding a certain amount of money to ‘win’ the right for more people to see them.

This often provides a weak point and cybercriminals have numerous clever ways of inserting their own malicious adverts into this self-service platform. Once loaded, all they have to do is set a price per advert, to compete with legitimate advertisers and push it live.

 
Why is it a threat to me?

Today we are aware of practices that look or feel ‘wrong’ on the Internet, be it odd-looking links, requests to download strange programs or posts on social media which set the alarm bells ringing. The real danger with Malvertising is that user judgement isn’t involved at all. People don’t have to click anything, visit a strange website or follow any links.

Rather, you go to a website you trust (like a news site or similar) and the adverts are secretly injecting criminal software onto your computer. This means infections can happen just by browsing the morning headlines, visiting your online dating profile or watching a video.

 How to protect yourself?
If you receive a suspicious email
  1. Do not reply, even if you recognise the sender as a well-known business or financial institution. If you have an account with this institution, contact them directly and ask them to verify the information included in the email.
  2. Do not click any links provided in these emails (or cut and paste them into a browser). This may download viruses to your computer, or at best, confirm your email address to phishers.
  3. Do not open any attachments. If you receive an attachment you are not expecting, confirm with the senders that they did indeed send the communication and meant to send an attachment.
  4. Do not enter your personal information or passwords on an untrusted Web site or form referenced in this email. 
  5. Report any suspicious messages that claim to be from DCU or contain a suspicious attachment or link to Google via the Report Phishing option located the right side of each email beside the Reply option. See below.

     

    Click on image to enlargePlease click on image to enlarge

If you responded to a suspicious email

Contact Information System Services immediately

 
Never email your personal or financial information

Email is not a secure method of communicating sensitive information. Remember that legitimate financial institutions never ask for sensitive information via email.

 
Review your credit card and bank account statements

Check your bank and credit card accounts for any suspicious activity or unauthorised charges. Sign up for online statements if you do not already receive them to get the latest information.

 
Use caution with tax information

Revenue.ie: "If you receive an unsolicited email purporting to be from Revenue with a link to a website you should ignore it. Revenue will never send emails which require customers to send personal information via email or pop-up windows."

 
Use email etiquette

To ensure that your email isn't mistaken for an infected message:

  • Always include a clear, descriptive subject for your email.
  • Consider using a signature, your name and contact information, on your email.
  • Always include a mention of the attachment and a description of why you are sending it in the body of your email.
 
Use security best practices
  • Use your DCU password exclusively for your DCU a/c.
  • Use a unique password for each of your online accounts.
  • Never use the same password for multiple accounts.
  • Run a full virus scan of your computer every month. To detect the latest viruses, you must use a current version of your anti-virus software and keep it updated.
  • ISS recommend that you use MacAfee which actively checks your computer for anti-virus software, firewall protection, and web security, and threats in your open applications.
  • Contact ISS for a licence of MacAfee.
  • Update your device's operating system with the latest security patches, including your mobile operating system.
  • Use Windows Update (Windows) or Apple Software Update (Macintosh) and enable automatic updates to receive security patches as soon as they are released.
  • Keep your software updated, especially your Web browser, mobile operating system, Adobe Reader and Flash Player.
  • Restart your computer at regular intervals: ISS recommend that you reboot your computer at regular intervals to ensure that all software patches are deployed, installed and functioning correctly.
 
Back up your data

Back up all you data to Google Drive at regular intervals using Google Back Up & Snyc

It is possible to restore all your data from Google Drive in instances of Ransomware.

ISS recommends that you create two back-up copies; one to be stored in the cloud and one to store physically, in a portable hard drive, thumb drive, extra laptop, etc.

Back up copies will also come in handy should you accidentally delete a critical file or experience a hard drive failure.

 
Drive Features
  1. Upload Files for Storage: Receive unlimited free storage with DCU Apps.
  2. Share Files: Share files with friends and co-workers easily with DCU Apps Drive.
  3. Google Docs: When using Drive via your web browser you will have access to the Google Docs suite.
  4. Google Back Up & Snyc: Upload and store files from any folder on your computer, camera, and SD cards to Google Drive.
  5. GoogleFile Stream: Allows you to quickly access all of your Google Drive files on demand, directly from your computer without losing precious drive space.
 
Google Drive Back Up & Snyc Installation
  1. For Personal Computers: Follow these instructions to install Google Back Up & Snyc on your device.
  2. For DCU Devices: Follow these instructions to install Google Back Up & Snyc on your DCU managed device.
  3. For Browser Use: We highly recommend you use the Google Chrome web browser to get the most out of Google Drive.
McAfee Labs Threat Advisory PDF