Notice: COVID-19 resources, information and plans for current and upcoming academic terms. Learn more.

Multiple Phishing Campaigns: "New Gateway" or "Payroll Schedule is Available!"

Threat Level: Medium
Threat Type: Phishing
Advisory Date: 07/04/2019

Description

Multiple phishing campaigns have been detected.

Campaign 1:

The inbound emails to uregina.ca users attempts to entice you to click on a link to enroll ina new gateway for faculty and students. This is fradulent.

The emails originate from non uregina.ca addresses, and appear stimilar to:

"Welcome to the new Gateway for Faculty and Staff

Login to The Staff Gateway: is the new home for on-line self-service and information.
Click on Gateway <LINK TO PHISHING PORTAL> and login to:
Access the new staff directory
Access your pay slips and P0s
Update your photo ID
E-mail and Calendar Flexibility
Connect mobile number to e-mail for Voicemail
Contact ITS Help Desk for email issues?​"

Clicking the link "Gateway" will take you to a page hosted external to the university (not located on a uregina.ca website) which asks for username and passwords. Do not click on this link or enter credentials.

Campaign 2:

Using the subject line similar to "Payroll schedule is available!", which is sent by an external party (such as an email account ending in @edu.karelia.fi) , many staff and faculty email addresses were targeted.
This email appears as:

"1 New Notification Regarding Your 2018 Payroll

Login Here <LINK TO PHISHING PORTAL>

Copyright © 2018 University of Regina"

While the link looks like a uregina.ca website, hovering your mouse cursor over the link shows that it leads to a non-uregina.ca website. In this case, clicking the link takes you to a cloned login portal, but is hosted on a website which is not operated by the university. The address in the browser once the link is clicked is not a valid uregina.ca website address. Do not enter any credentials.

Impact

Phishing is an online fraud technique used by criminals to entice you to disclose personal information. It is the fastest rising online crime method used for stealing personal financial information and perpetrating identity theft.

Phishers use many different tactics to lure you, including email and web sites that resemble well-known, trusted institutions. A common phishing practice involves spamming recipients with a fake message under the name of a trusted institution. The purpose of this fake message is to trick you into providing personal information, such as user name and password.

People who respond to phishing e-mails, and input the requested financial or personal information into e-mails, websites, or pop-up windows put themselves and their institutions at risk.

Resolution

If you received this message, please delete it immediately if you have not already done so. This message did NOT come from Information Services or Payroll.
If you inadvertently clicked a link and entered your credentials, please change your password right away to something you have not used recently:

Go to the Information Services homepage at http://www.uregina.ca/is and click "Change Password" in the Quicklinks on the right side

Resources

See the Phishing Resources page. Additionally, phishing is a subject covered in Information Security Awareness Training, which is offered at no charge, online, to the University community.

Please contact the IT Support Centre if you require assistance:
Phone 306-585-4685
Email IT.Support@uregina.ca
Webform http://www.uregina.ca/is/forms/ticket.html

In person at ED 137 or Archer Library Main Floor Commons