Jay Shah named Director of Velocity
The University of Waterloo is appointing Jay Shah, a former startup co-founder and Waterloo alumnus, as director of its flagship entrepreneurship program, Velocity. Shah joins Velocity from Google where the entrepreneur has worked since the tech-giant acquired the company he co-founded in 2012.
“Jay Shah has been in the startup trenches, and knows what it takes to build a successful company,” said Feridun Hamdullahpur. “With his background at Waterloo, in a startup and at Google, Jay Shah is uniquely positioned to guide the next wave of world-changing entrepreneurs emerging from the University of Waterloo.”
BufferBox, founded by Shah alongside Aditya Bali and Mike McCauley, began as a fourth year Engineering Capstone Design project to create lockers for parcel delivery. The company would go on to work out of the University’s Accelerator Centre, before moving in to the Velocity Garage, winning the Velocity Fund Finals and attending Y Combinator, before ultimately being acquired by Google.
Shah’s arrival comes amidst major growth for the Velocity program. In the last year Velocity has:
- expanded its facilities to become the largest free startup incubator in the world;
- opened an on-campus science lab to develop world-class science startups; and,
- created a bustling entrepreneurship discovery space for students, hosting workshops, startup coaching, and a makerspace.
“The calibre of talent at the University of Waterloo, specifically its professors and new graduates, is a competitive advantage for companies in Waterloo,” said Shah. “They are the product of incredible academic faculties, a culture of supporting risk-taking, and the best co-op experiential learning system in the world.”
Shah will start work in September with a vision to spread innovation and entrepreneurship even further across campus.
It’s raining phish: spear phishing attacks hit campus
A message from Information Systems and Technology (IST).
You may have seen some of the past warnings that IST has published about phishing attacks on campus i.e. email trying to trick you into giving up personal information.
This year, we have seen an increase in the number of similar attacks hitting campus email inboxes. The new attack is more personalized for the UW environment and are called "spear phishing" because of the directed approach they take, compared to ordinary phishing attacks.
Features of a spear phishing message
There are several key features that are the hallmarks of a spear phishing attempt.
The sender is more plausible
- Many phishing attacks appear to come from someone claiming to be from a Nigerian oil company or similar organization offering money. That is likely a business that UW would not normally work with.
- In a spear phishing attack, the forged email is crafted to be more plausible. It might appear to come from another university, for example.
- Check the sending and return address to see whether the addresses are legitimate. Even if forged, there might be discrepancies in the addresses that will help you identify malicious email.
The email is relevant
- The sender will talk about upgrades to local software, or an unpaid invoice that the University should deal with, rather than asking for help with a money transfer.
The graphics are familiar
- In the email or related web pages, graphics from software used at UW or actual UW logos will be included.
The links in the message may mention UW in the URL
- Instead of a completely generic URL, the fraudster uses a domain they have control of so words like “uwaterloo” or “uw” are included in the URL.
Example of a campus spear phishing attempt
Visit https://uwaterloo.ca/ist/learn-about-and-protect-against-spear-phishing to see an example of a recent spear phishing attempt received by University of Waterloo staff, crafted to look like it was from the IST Service Desk. Spear phishing components and other concerns have been highlighted and explained.
Defend yourself from spear phishing
- Always check the URL of a link before clicking on it. Don't click if the URL isn't at uwaterloo.ca, or if the URL is unusual or difficult to read.
- If the email claims a software or other upgrade is being done university-wide, verify it by checking with your IT Computing Rep or the IST Service Desk.
- If the email is about something that has nothing to do with your job (like dealing with invoices) ignore it.
- Don't open attachments if the message is from an unknown sender, or if the attachment is irrelevant to your job.
- If the email looks suspicious, verify its legitimacy by phoning or discussing it in person with the sender listed in the email header.
- Report suspicious email messages to IST.