Impersonation Phishing Alert

Threat Level: Medium
Threat Type: Phishing
Advisory Date: 07/13/2023

Description

Recently, many uregina.ca email addresses were targeted with phishing emails impersonating the President of the University of Regina. These emails contain attachment (word/pdf document) shared with users and contains a link that leads to an external phishing site related to University of Regina.

The content of these messages refers to a policy or updates that is required for University of Regina members to read.

These messages are not legitimate and does not originate from any member of University, any credential entered into this phishng site are at the risk of credential theft.

Sample email received:

>>> "Penney, Sara" <sarap@mun.ca> 9/4/2019 9:34 AM >>>

Dear University of Regina Employees,

We have an exceptional workforce in The University of Regina and that is strongly committed to the highest standards of ethical conduct and professionalism. Our employees work tirelessly every day to ensure that we deliver the highest quality education for our students to prepare them for success beyond graduation. Nevertheless, as an organization committed to University of Regina of performance excellence and continuous improvement, we can always improve our operational processes .Detailed information can be found in the attachment to this email. All employees are advised to review the information.

Yours Sincerely

Dr. Vianne Timmons
President and Vice-Chancellor
University of Regina

 

A copy of the shared document:

 

 Capture-3.PNG

 

Impact

People who responded to these phishing emails and input their credentials into the phishing site put themselves and the institutions at risk.

Users impacted by these phishing emails have been directly alerted to change their passwords.

Resolution

If you received this message, please delete it immediately if you have not already done so. If you inadvertently clicked a link and entered your credentials, please change your password right away to a new, unique password.  If this exposed password is reused on other accounts, it is important that these account credentials also be updated.  Any credentials entered into the phishing site can be considered breached.

  • Go to the Information Services homepage at http://www.uregina.ca/is and click "Change Password" in the Quicklinks on the right side.
  • Additionally, if malware protection is not installed, up to date/current, or is not running, it is recommended that you ensure a malware scan has been completed.

Resources

More phishing related information such as "How can I tell if the message is real?"  And "What should I do if I suspect email phishing?" can be found at the Phishing Information resources page.

If you receive a message that you are unable to determine the legitimacy of, please contact the IT Support Centre:

In person at ED 137 or Archer Library Main Floor Commons

Phone 306-585-4685

Email IT.Support@uregina.ca
Webform http://www.uregina.ca/is/forms/ticket.html

In person at ED 137 or Archer Library Main Floor Commons