Notice: Phishing Campaign
Starting September 18, 2017, Technology Services will implement a phishing awareness program. In this program, emails will be sent randomly to employees. The email messages will mimic a real threat. If you do click on a link in a test email message, you will receive a response indicating “web-page blocked”.
Technology Services will be tracking statistics for gauging program effectiveness and to support the design of training and future test messages. Individual responses will not be reported.
Once TS has assessed the baseline responses to the test messages, there will be further notices regarding online training and the program’s next steps.
Why a Phishing Campaign?
We have seen, over the past year, an increased number of phishing attacks on universities. The education industry is one of the most likely targets for cyber-attacks, along with healthcare and financial institutions. According to a 2017 report from Canadian Underwriter, accidental breaches account for more than one quarter of all breaches. Recent news reports of compromised digital account information, from high-profile sites such as Equifax, MacEwan University, and University of Calgary, are good reminders to protect our online accounts. If you are compromised in one area, like Yahoo or Home Depot, other accounts are at risk.
Acadia University is not more - or less - vulnerable than any other university. At Acadia, there have been 4 confirmed cases of ransomware. These came from opening attachments from phishing emails. In one case, the files were recovered successfully. In the other 3 cases, all data on the computer was lost. Acadia has not yet paid a ransom for its data.
What can we do to protect Acadia?
The best defense against malware and ransomware is vigilance and resilience.
Targeting individual users is the channel used by hackers to gain access. Most ransomware is delivered to victims in the form of e-mail attachments that lure people into clicking links to infected websites. While technologies such as e-mail security and anti-virus programs help, as the sheer number of attacks increase, some phishing attacks get through. At risk is not just your own personal data, but your colleague’s personal and work data, research data, student information, financial and other private pieces of information. Everyone is a target and everyone is susceptible.
Raising awareness and training is an important step forward.
Thank you for your cooperation. If you have any questions, please contact the Service Desk.
Acadia Technology Services