EMAIL:
ALWAYS ask yourself whether the email message you received is authentic:
- Do I know the sender?
- If I know the sender, am I sure it really is who I think it is?
- Is the message relevant to any previous conversation or activity?
- Is the message unusual in any other way? For example, it feels as if it was written in a style different from the sender’s usual way of writing, or it is about a subject or activity you had not previously discussed with the sender or did not engage in.
If you are not sure, DO NOT open any attachments, and DO NOT click on any links in the message. Try to call the sender and confirm they indeed sent a message to you. If you cannot call the sender, call the IT Department instead, and delete the message right away.

“OFFICIAL SOURCE”
The most common method of attack so far has been a message that looks like it is coming from an official source: a bank (including the bank you do business with), UPS, FedEx, Canada Post, eFax, CRA, Police, PayPal, eBay, Government sites, etc. Before opening the message, attachment or a link, ask yourself:
- Have I had any recent business with the “official” institution that is apparently sending me the email? If not, do not open. DELETE the message immediately and call the IT Department. For example, if you do banking with Royal Bank and you receive “information” from TD, you can be absolutely sure it is malware. If you are not expecting any packages and you receive a message from, say, UPS, it is malware.
If you are expecting a delivery, make sure you know what carrier will be delivering. But even then, STOP and:
- Check if the message refers to the goods you ordered.
- Does it specify the seller from which you ordered the goods?
- Does it include the Order number you received previously from the seller?
If the answer is NO to any of the above, DELETE the message immediately and call the IT Department.
If you are quite sure the message is legitimate (as per the steps in 2.a.), but still wish to check, please call Tech Support. We will be happy to help.

INTERNET (Including Facebook, instant messengers, etc.)
- AVOID visiting unknown sites from your work computer. If you are doing research, be careful, even Google search results might point to bogus or dangerous places.
- NEVER CLICK on Agree, OK, or I accept in banner ads or any unexpected pop-up windows while browsing.
- NEVER ACCEPT any offers to download software that will “protect”, “clean up”, “search for viruses”, “speed up”, “fix your Registry”, or in any other way promise to help or improve your computer. If you accept, they will invariably try to install malware on your computer.
- DO NOT DOWNLOAD any software to your computer, regardless of where it comes from. IT Department will be happy to provide additional functionality when required. On your home computers, download only from the sources you trust. Avoid any torrents as they are known to be loaded with malware.
- DO NOT DOWNLOAD “free” music, videos, games, or any other files. Malware may be included in your downloads. If you must download a job-related .pdf (from a known site, of course), be very careful if it contains links. Do NOT click on the links until you are sure they lead to legitimate sites (see below). At home, avoid any downloads unless you can assure yourself they come from a legitimate source.
- DO NOT CLICK on the Yes/No or Accept/Cancel or Agree/Disagree pop-ups. READ FIRST, carefully, what they are about. You may be giving permission to a hacker to install malware! If you are not sure, or have the least bit of suspicion, close the browser, or shut down your computer immediately.
- THE MOMENT YOU EVEN SUSPECT SOMETHING MAY BE WRONG – CONTACT TECH SUPPORT IMMEDIATELY.
Please feel free to watch the following video containing very similar advice: https://youtu.be/pCM_GMSyMjo

WHAT IF MY COMPUTER IS ATTACKED?
DO NOT TRY TO FIX IT YOURSELF!
DISCONNECT your computer from the network IMMEDIATELY by unplugging the network cable. If using a laptop, DISCONNECT from the docking station and DISABLE Wi-Fi. (Take a few minutes to learn how: see instructions.)
CUT THE POWER by unplugging the power supply. If using a laptop, and you disconnected from the docking station, SHUT DOWN the laptop by holding down the Power button until it shuts down, or keep pressing Alt-F4 until you get to the Shut Down screen. If it does not shut down, close the laptop and call Tech Support immediately.
CALL IT TECH SUPPORT at 416-238-1050
Don’t forget, your vigilance keeps us safe, and all of us at the IT Department thank you for keeping your guard up at all times.

ADDITIONAL READING AND A QUIZ

HOW TO CHECK IF A LINK IS LEGITIMATE
It is a very good practice to check ANY link included in an email message, Facebook post, instant messenger, or social media. If a message looks suspicious, checking the link before clicking on it is essential to protecting your computer and information.

What content can contain links? What do links look like?
Links can be presented in a message in several ways:
- Regular links (example: http://www.costi.org)
- Shortened links (example: http://tiny.cc/623q546ads or http://bit.ly/cc4j3353)
- Embedded in text (example: COSTI Immigrant Services)
- Embedded in pictures (example:
- Embedded in other elements of the message.

Is the link legitimate? Where does it lead?
Take a look at these two links:
- COSTI Immigrant Services
- COSTI Immigrant Services
They look exactly the same. Yet they will take you to two very different places.
How can I check a link? Where will it take me?
- First, start by positioning the mouse over the content that may contain a link (a.k.a. mouse-over). DO NOT click on the link, just rest the mouse over it. The real address of the link will pop up in a small grey window just above the link. Try it with the two identical COSTI Immigrant Services links above and see where each will really take you.
WARNING: If the link you see in the window is different from the one in the message, BEWARE! Almost certainly the message is NOT legitimate, and the link will take you to the attacker’s site.
- If the above test reveals a link in a shortened format, it is not possible to tell right away where it will take you. Thankfully, there are tools on the Internet that can help you “decipher” the short link and show it in the regular format. First, you need to copy the short link. Be very careful, you DON’T want to left-click on it inadvertently at this point. Instead, position the mouse over the link, then RIGHT-click on it. Select “Copy Hyperlink” from the menu that pops up, then go to:
- https://transparencyreport.google.com/safe-browsing/search Click on “Search by URL” and paste the hyperlink you want to check (paste with Ctrl-V, or right-click and select Paste). After you click on Search, the site will tell you if the link is safe.
- If you would like to see the regular link hidden behind the shortened version, go to http://checkshorturl.com/ and repeat the Copy and Paste operation.

The link looks legitimate. How can I be sure?
It may not be easy to discern a spoofed address in the link from a legitimate one. Knowing how Internet addresses are formatted can help. Website addresses (a.k.a. URLs – Uniform Resource Locators) have a precisely defined structure. Let’s take a look at a typical URL:
https://www.cibc.com/en/help-support.html
The first thing to note is the position of dots and forward slash symbols. They separate different functions of a URL. Here is a very simplified description:

https – Protocol. This is the designation of the transport protocol for the website. “http” stands for Hypertext Transfer Protocol, and the additional s in https indicates that the content is encrypted between the server and your computer – Secure HTTP.

www – Subdomain. Subdomain names can be almost anything. They are defined by the owner of the Second-level domain and do not need to be registered. Subdomain names are usually determined by the IT Departments or Web Development teams of an organization. For example, COSTI’s IT Department decided to name our Client Registration URL creg.costi.ca. It could have been anything else, like registration.costi.ca or clientreg.costi.ca. Therefore, the subdomain name alone is not very useful in determining whether a link (URL) is legitimate or not. Web Development teams may also decide to split a website into several subdomains/websites. For example, we could have decided to use rap.creg.costi.ca/ or Claimant.creg.costi.ca/ or kel.employment.creg.costi.ca/, etc.

cibc – Second-level Domain. A Second-level domain name must be unique and must be registered with an official Internet Registrar. One company or organization (entity) can register many second-level domain names, but one second-level domain name can belong EXCLUSIVELY to a SINGLE entity. For example, COSTI owns both costi.org and costi.ca. COSTI is the SOLE registered owner of these two second-level domains, and nobody else can have or use them for as long as COSTI renews its registrations. Equally, cibc.com is owned by CIBC.

com – Top-level Domain. Top-level domain names are defined by the Internet Corporation for Assigned Names and Numbers (ICANN). These are names like .org, .net, .edu, .gov, etc. Each country also has a top-level domain abbreviation. For example, Canada’s is .ca, Australia’s is .au, Egypt’s is .eg, etc. You can find the full list here. Recently the list of top-level domains was expanded to include all kinds of business designations, such as .biz, .club, etc., making it almost impossible to make any assumptions about the validity of a site based on the top-level designation. The most important thing about the top-level domain portion of the URL is that it is ALWAYS positioned between the . [dot] and the / [forward slash] symbols. For example .com/, or .edu/ or .ca/. This is very helpful in identifying spoofed site names.

en/help-support.html – Subdirectory or Subdirectories. Subdirectory information does not help in determining whether the site is legitimate, but if it contains a very long string of unusual characters, do not take chances following the link unless you are absolutely sure it is legitimate. Perhaps the best course of action is to call the IT Department and have them take a look as well.

Identify the pattern: Leftmost [dot] [Second-level Domain Name] [dot] [Top-level Domain Name] [Forward Slash]. For example: .costi.ca/ or .cnn.com/ or .theguardian.com/. This unequivocally determines the ownership of the site, which can be verified on the Internet. Finding the owner is a two-step process:
- Go to https://www.iana.org/whois and type what you identified to be the pattern: [Second-level Domain Name].[Top-level Domain Name]. In the result, note the line “refer:”. This is the link to the domain search engine of the organization in charge of the particular Top-level domain name (i.e. .com, .net, .org, etc.).
- Copy that link and paste it in your browser. You will need to supply the same [Second-level Domain Name].[Top-level Domain Name], and information about the domain’s owner will show on the screen. Sometimes the “whois” website may not be available – time to call the IT Department.
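As an added example (not part of the IT Department's guidance), this Python script applies the pattern above mechanically: it pulls every link out of a constructed e-mail fragment, pairs the visible text with the real address the mouse-over would reveal, and reduces that address to its [Second-level].[Top-level] pair. The sample HTML, the list of trusted COSTI domains and the verdict labels are assumptions made for the demonstration; it also goes slightly beyond the text by flagging shortened links separately so they can be expanded first.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample e-mail fragment: three links whose visible text reads the same.
SAMPLE_EMAIL_HTML = """
<a href="https://www.costi.org/">COSTI Immigrant Services</a>
<a href="http://www.costi.org.verify-account.example/login">COSTI Immigrant Services</a>
<a href="http://bit.ly/cc4j3353">COSTI Immigrant Services</a>
"""
TRUSTED = {"costi.org", "costi.ca"}  # second-level domains the page says COSTI owns
SHORTENERS = {"bit.ly", "tiny.cc"}   # shortener services named on the page (assumed list)

def owning_domain(url):
    """The page's pattern: the owner is the [Second-level].[Top-level] pair sitting just
    before the first forward slash; everything left of it is a freely chosen subdomain.
    Two-label rule only: it does not handle country second-level names such as .co.uk."""
    host = (urlparse(url).hostname or "").rstrip(".")   # hostname is already lower-cased
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host

class _Anchors(HTMLParser):
    """Collect (real href, visible text): the mouse-over address vs. what the reader sees."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def classify_links(html):
    """Return (visible text, real href, owning domain, verdict) for every link found."""
    parser = _Anchors()
    parser.feed(html)
    out = []
    for href, text in parser.links:
        domain = owning_domain(href)
        verdict = ("trusted" if domain in TRUSTED
                   else "shortened" if domain in SHORTENERS  # expand it before judging
                   else "suspicious")                        # owner is not who the text implies
        out.append((text, href, domain, verdict))
    return out
```

Run `classify_links(SAMPLE_EMAIL_HTML)` to see that the three identical-looking links resolve to three different owners.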
CAUTION: Attackers will use every possible trick to make this determination difficult and deceive you into believing you are going to a legitimate address. NEVER underestimate how easy it is to get tricked. Here are some examples of what you may see:
Try yourself: try to determine if the sites below are legitimate or false:
HOW TO RECOGNIZE A PHISHING EMAIL
Here are some hints on what should raise your suspicions right away:
- A message seems to arrive from a “known source”, but the context is unusual.
Examples:
- You receive a mail from Mario or another COSTI Director/Manager asking you about your availability for a meeting. You have never received such a request before. The sender usually does not arrange meetings with you ad hoc, via email.
- You receive a message from a colleague or a superior, but something in the wording or the tone of the message is different from the usual.
- A message from an agency contains information you do not recall, or refers to a procedure you are not familiar with.
- A message comes from a familiar source, but the name of the sender is new; someone else usually contacted you from that source.
- The sender of the message is asking you to provide information urgently, for whatever excuse, particularly if it concerns privacy or financial information.
- Although the sender is known, she/he is requesting a usual procedure to be done somewhat differently from before.
- A message seems to arrive from a “recognizable source”, with references to events or people you do not recognize.
Examples:
- You receive an email from UPS that a package has been sent to you, and it includes a link to a site where you can track the package. You do not recall ordering any goods recently, the stated value or content doesn’t match your records, or the sender indicated a different shipping provider.
- You receive an email from a bank informing you that a payment of $xxx.xx was made as per your request. It includes a link to the site where you can review the payment, or stop it if you changed your mind. You do not remember making any such request, or authorizing any payments.
- You receive an email from the Royal Bank stating that your password has been compromised, with a link to the site where you can change your password in order to prevent unauthorised withdrawals from the company’s account.
- You receive an email from COSTI’s IT Department informing you that your account has expired, directing you to a link where you can update your account and change your password.
- You receive an email informing you that your subscription is about to expire and needs to be renewed.
- A message is from an unknown source, but the content is familiar.
Examples:
- An email arrives from a job applicant, with a resume attached.
- You receive an email about the latest news; you’ve heard about it, and there is a link in the message to read more.
- An angry COSTI customer wrote to you, and included a list of her complaints in an attachment.
- A hacker is threatening to disclose your information.
Examples:
- You have been caught visiting Tinder or porn sites.
- Your computer was compromised and a video of you visiting a porn site will be sent to everyone on your Contact list if you don’t pay the ransom.
- A message is from an unknown source, offering free services or goods.
For more examples and ways to recognize phishing emails and avoid traps, you may wish to visit:
- https://www.itgovernance.co.uk/blog/5-ways-to-detect-a-phishing-email
- https://security.berkeley.edu/education-awareness/phishing/phishing-examples-archive
- https://www.thesslstore.com/blog/phishing-email-examples-the-best-worst/
- https://www.phishing.org/phishing-examples
- https://blog.fleetsmith.com/anti-phishing-guide/