"Dear uregina.ca account user."

Threat Level: Medium

Threat Type: Business Email Compromise

Advisory Date: 07/13/2023

Description

Over this weekend users have recieved the following message from info@uregina.ca; this address has been spoofed to lend legitimacy to itself in an attempt to trick you into clicking the link contained within the email message.

Email message sample:

Phishing email sample

Impact

Phishing email messages like this urge you to take action immediately to trick you into clicking malicious links, in this message "CLICK" is one such example.

Malicious links can have many different effects; most commonly they take you to a phishing portal where they ask you for information, however in some cases these links can infect your computer or mobile device with malware utilizing previously undiscovered or unknown methods of compromise, known as a Zero Day Attack.

Read more about Zero Day Attacks: https://en.wikipedia.org/wiki/Zero-day_(computing)

It is recommended that you never click on phishing links or take action without first verifying if a message is real.

Resolution

Users who have recieved this email have been advised of this incident directly.

Report phishing messages if you see them to is.security@uregina.ca or the IT Support Centre.

Do not click on links or enter sensitive information into websites that do not originate from uregina.ca.

Resources

More phishing related information such as "How can I tell if the message is real?" and "What should I do if I suspect email phishing?" can be found at the Phishing Information resources page.

If your receive a message that you are unable to determine the legitimatacy of, please contact the IT Support Centre:

In person at ED 137 or Archer Library Main Floor Commons

Phone 306-585-4685

Email IT.Support@uregina.ca
Webform http://www.uregina.ca/is/forms/ticket.html

In person at ED 137 or Archer Library Main Floor Commons