UVic wards off phishing attack

Campus News

University reminds students and staff to be wary of cyber-attacks

phishing e-mail sent to UVic
Screen capture of e-mail.

On the morning of Nov. 18, UVic university systems administrators discovered a phishing attack was targeting UVic students and staff. 

“UVic first became aware of this phishing attack at approximately 7:30 AM this morning,” a university spokesperson told the Martlet.

The attack appeared in the form of a fake COVID-19 email from UVic. The email asked students and staff to click on a link and register for a COVID-19 relief fund which would deliver a $2 920 payment to all students and staff beginning Nov. 18. 

At the time of writing, the university is not aware of anyone affected by the attack and that all data stored by UVic remains safe and secure.

In an email to staff and students, UVic’s  Associate Director of Desktop Support Services (DSS) David Street said that anyone who receives the email should avoid clicking the link and if they do, to lodge a ticket with DSS to remediate their computer. 

Street also urged all students and staff to register with UVic Multi-Factor Authentication (MFA), a program that strengthens the security of your Netlink ID by installing second-factor identification. Under UVIC MFA, students and staff will be asked to verify their identity by asking them to accept a notification on another device. This grants an extra layer of security in case somebody figures out their username and password.

Phishing attacks are one of the most common methods hackers use to install malware and gain access to a computer or network. They can take many forms from emails to texts, however they usually contain a link which when clicked will install malware, a code or file that will grant the hacker access to the device and any networks attached to it.

Large institutions such as universities are frequent targets of phishing attacks. Their large financial holdings and storage of sensitive information is irresistible to hackers who can either enrich themselves or gain information that can be used for blackmail. All it takes is one person to slip up for hackers to gain access. 

Over the course of the COVID-19 pandemic, universities have been the target of over 5.8 million phishing attacks, roughly 60 per cent of the global total. Several universities in the UK have faced phishing attacks that knocked out their IT systems and tried to steal valuable research.

The university says that phishing attacks are not new to UVic and that there are filters in place to prevent them from succeeding in gaining access to university systems.

“We use filters to prevent phishing messages from reaching Inboxes, but must balance the potential for blocking legitimate email and attackers are constantly adjusting their tactics to make phishing email look legitimate to evade these filters,” the spokesperson said.

In addition to UVic MFA and email filters, UVic offers online phishing awareness training which simulates phishing attacks to help train students and staff on how to spot them.

Street says that if anyone feels like an email is a possible phishing attack, they should either delete it or report it using tools such as Outlooks report phishing button. He says that any questions or concerns can be directed to DSS.