Malware Alert - New Payment Email Message / New Address / New Contact Details

Threat Level: Medium
Threat Type: Malware Risk
Advisory Date: 07/13/2023

Description

Recently, many uregina.ca email addresses received an email with a subject similar to "New payment notice", "Your new payment notice", "payment notice to", "New Payment Notification", "Your recent payment to NAME", or a variant. Alternatively, this same attack is seen requesting users to update contact details for the 3rd party, such as a new address. The subject may appear as "New Address" or "Updated contact details", or may wish happy holidays or similar. This email may appear to be from a UREGINA.CA address, from someone you know, or from a financial institution, but is fraudulent. No payment has been made or received, and there is no need to update any contact details.

Rather, the message includes a link. Clicking on this link will attempt to download malware, which runs on your computer if opened.

Do not click on the link. Please delete this message.

The email will appear similar to:

Payment Image

An easy way of detecting this email, as circled in the above example, is to note that the sender's address shown in the message is NOT the same as the address the message actually came from.

For example, the above message shows that curtis.****@uregina.ca is the sender. However, wen@panpacificusa.com is the actual address it came from. Since this is not a valid Uregina.ca account, it is clear that the message was not sent by the person it claims to be from.

Alternatively, the sender's name may claim to be a bank, but the message will be sent from an email domain unrelated to a bank.
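
The sender check described above can be automated. The following Python code is an added example, not part of the original advisory or any University tool; the function name check_message, the sign labels and the sample messages are assumptions constructed for illustration. It flags a message whose display name shows one address while the real sender address is different, and also notes subjects resembling those listed in the Description.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Subject fragments quoted in the advisory, matched case-insensitively.
SUBJECT_HINTS = ("payment notice", "payment notification", "recent payment to",
                 "new address", "updated contact details")
# An email address appearing inside free text such as a display name.
ADDR_IN_TEXT = re.compile(r"[\w.*+-]+@[\w-]+(?:\.[\w-]+)+")


def check_message(raw):
    """Return the advisory's warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, actual = parseaddr(msg.get("From", ""))
    signs = []
    # Sign 1: the display name shows one address, the message came from another.
    shown = ADDR_IN_TEXT.search(display)
    if shown and shown.group(0).lower() != actual.lower():
        signs.append("sender-mismatch")
    # Sign 2: the subject resembles the ones listed in the advisory.
    subject = msg.get("Subject", "").lower()
    if any(hint in subject for hint in SUBJECT_HINTS):
        signs.append("subject-match")
    return signs


# Constructed sample messages (not real mail); all addresses are placeholders.
SPOOFED = (
    'From: "jane.doe@uregina.ca" <sender@external.example>\n'
    "To: user@uregina.ca\n"
    "Subject: Your new payment notice\n\n"
    "Please review the payment at the link below.\n"
)
GENUINE = (
    'From: "Jane Doe" <jane.doe@uregina.ca>\n'
    "To: user@uregina.ca\n"
    "Subject: Meeting notes\n\n"
    "Notes attached.\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, check_message(raw))
```

A subject match alone is a weak signal, since genuine messages can use the same wording; the sender mismatch is the sign the advisory highlights.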

Impact

The link provided in the email attempts to infect the computer with malware. Malware is a catch-all term for various malicious software, including viruses, adware, spyware, browser hijacking software, and fake security software.

Once installed on your computer, these programs can seriously affect your privacy and your computer's security.

In this case, the file uses an Office macro. Macros automate frequently-used tasks; many are created with VBA and are written by software developers. However, some macros pose a potential security risk. A person with malicious intent can introduce a destructive macro, in a document or file, which can spread a virus on your computer.

Resolution

If you received this message, please delete it immediately if you have not already done so. If you clicked on the link in the email, please contact the IT Support Centre as soon as possible, as your system may have been infected and requires a malware scan. Additionally, if malware protection is not installed, is not up to date/current, or is not running, it is recommended that you ensure a malware scan has been completed.

Users should also ensure that macros do not run by default across their Office suite. Users with managed machines and Office 2013 installed will already be configured as such.

Resources

See the Malware Resources page.

Please contact the IT Support Centre if you require assistance:

In person at ED 137 or Archer Library Main Floor Commons

Phone 306-585-4685
Email IT.Support@uregina.ca
Webform https://www.uregina.ca/is/forms/ticket.html