University sends warning to students not to open hyperlink in spam mail
An email was sent by Concordia University to students on Oct. 3 advising them not to open a phishing email circulating in the student community. The phishing email was sent by firstname.lastname@example.org, according to a screenshot sent by the university.
The phishing email read: “Concordia University Latest News & Media.” A second line included a hyperlink with the words “Breaking News. Find out more.”
In its message to students, the university asked to “please delete [the email] immediately […] Phishing techniques such as this can spread viruses and malware.”
The message continued: “A recent example of the dangers of this type of email is the WannaCrypt/WannaCry ransomware attack, which paralyzed thousands of computers across the globe.”
Phishing emails and potential cyberattacks have been commonplace in Montreal universities over the past two years. Last May, 120 computers at the Université de Montréal were infected by the WannaCry virus, which encrypted copies of user files before deleting the originals, forcing people to pay a ransom to regain access to their documents.
On Aug. 31, as previously reported by The Concordian, phishing emails were also sent to McGill University students.
Cyberattacks occurred on two occasions at Concordia in the last two years. In March 2016, keyloggers were installed at the Webster and Vanier libraries. The devices allow hackers to record all the keys pressed by a person, allowing them to remember everything that was typed.
In April 2017, the university’s online course system, eConcordia, was also hacked.
Concordia President Alan Shepard told The Concordian in September that cyberattacks were a “big issue.” “We were lucky in both episodes that we didn’t have any major damage that we’re aware of,” he said, referring to the two incidents at Concordia.
According to Shepard, the university made “some technical changes to try and prevent repeats of these episodes.” The president wouldn’t disclose what these changes were.
Raymond Chabot Grant Thornton, an accounting firm, audited the university’s IT security in 2017, according to Shepard. The IT audit was part of the annual audit presented to the university’s board of governors. Shepard said the audit showed the university’s cybersecurity had strengthened.
The audit differs from a separate project Shepard described as a “large-scale review of cybersecurity.” As the The Concordian previously reported, a call for tenders was sent by the university in July through the publicly accessible Système électronique d’appel d’offre du Québec (SEAO), seeking professional services to assess the university’s cybersecurity risks. Shepard said the result of the assessment will be private.
Eight different companies bidded for the contract, including Bell Canada, Montreal-based GoSecure and Okiok Data. The value of the contract is still unknown.