New information security concerns

October 16, 2020

There have been a number of recent warnings about information security threats at Canadian universities, including McMaster.

One tactic being used is threatening emails, calls or texts that warn the recipient not to contact police or security and to respond within 24 hours. The messages are an attempt to steal your logon credentials to take over your email and to get access to your research.

Many of these messages are easily detected as fraudulent, but a recent trend has been to use impersonation to increase the likelihood that the recipient will trust the message. Impersonation modifies the email sender name to that of someone familiar within the organization, usually a senior leader. The result is a message that appears to come from a trustworthy authority.

Please report any concerns that include abnormal activity that could include:

  • Sending you threatening emails, calls or texts that will eventually ask you for your login credentials
  • Compromising your email account to access privileged information, redirect messages and send messages from your email

Increased vigilance is necessary. Here are some things to watch for and actions you can take:

  • Hover over links in emails before you click them
  • Doublecheck that the sender is who they claim to be
  • Don’t open attachments that you weren’t expecting to receive
  • If you receive a message from a colleague that seems odd, reach out to that colleague to confirm that they did send the message
  • Periodically check your sent and deleted messages and see if there are any messages that you don’t recall sending or deleting

Report spam and phishing messages to is-spam@mcmaster.ca. If you observe any of these activities or would like to discuss any concerns, please contact Paul Muir at muirp@mcmaster.ca. If the message is threatening please also include Security at security@mcmaster.ca.