The University of Waterloo community has seen many challenges over the last 6 months, both new and old. One of the older issues affecting us is returning in new and surprising ways.
Using the COVID-19 pandemic to gain access to your data
Phishing - the sending of deceptive email in order to steal passwords and credentials – has long been a part of life online. Since the beginning of the COVID-19 pandemic, though, security professionals have seen a rise in the number of phishing attacks being made.
The reason for this increase is the opportunity presented by the crisis. People have been shaken out of their regular routines, and messaging from employers, government, and business has changed in frequency and urgency. The confusion caused by these changes allows phishing attacks to imitate messages that we aren’t experienced with, increasing the chance that we will fall for scam emails.
These phishing attacks prey on our concerns and the lack of information that goes with a rapidly changing situation. They pose as information about local pandemic infections, offers for masks and protective gear, bizarre conspiracy theories, or false information about government relief programs.
There are many ways to protect yourself from phishing. Among those recommended by IST are:
Think before you click. If you feel a strong emotional response to email, consider whether that is clouding your judgement.
Evaluate. If you are getting a special offer from a retailer you don’t usually shop with, a lucrative offer from them is less likely to be genuine. If email from a co-worker or manager asks you to do something unusual, like purchasing gift cards, it’s probably a scam.
Verify. Contact correspondents directly using known email addresses, websites, or phone numbers, not through the links provided in the suspect email.
Protect. Avoid disclosing personal or professional information my email or phone to unknown parties. Never provide credit card numbers, social insurance numbers, passwords, or similar confidential information to others.
Two-factor authentication (2FA) will help
One of the strongest defenses against the theft of your online accounts is two-factor authentication (2FA). By requiring not only a password, but also a second non-password method of verifying your identity, you can be protected even if your password is stolen.
Effective November 3, 2020, use of 2FA will be mandatory to access specific campus systems, including Office 365, Workday, Quest, LEARN, Concur, Unit4, and others. Prepare yourself early for this change by downloading the ‘Duo Mobile’ app to your smartphone and enrolling in Duo 2FA. Alternatively, other authenticators are supported, including the YubiKey. Visit https://uwaterloo.ca/2fa/ for more information.