HR Network News Archive
- Focus on People
- Health & Wellbeing
- HR Memos
- HR Network Studios
- HR News
- Professional Development
- UBC News
By Breeonne Baxter on January 22, 2015
Please share this with your staff and faculty
The Internet Crime Complaint Center (IC3) has issued an alert addressing a spear phishing scam targeting university employees and their payroll accounts. Scam operators use fraudulent e-mails and websites to entice employees to reveal login credentials. Reference: http://www.ic3.gov/media/2015/150113-2.aspx
Quoted from the article:
University employees are receiving fraudulent e-mails indicating a change in their human resource status. The e-mail contains a link directing the employee to login to their human resources website to identify this change. The website provided appears very similar to the legitimate site in an effort to steal the employee’s credentials. Once the employee enters his/her login information, the scammer takes that information and signs into the employee’s official human resources account to change the employee’s direct deposit information. This redirects the employee’s paycheck to the bank account of another individual involved in the scam.
UBC employees cannot update banking info in Self-Service, and only the last 4 digits of your bank account number appears on the Direct Deposit page. However, your Self-Service records contain personal information that could aid in identity theft.
In order to change personal direct-deposit information, UBC employees must complete paper forms and attach updated backing information, which is then submitted to Payroll. UBC Payroll is ensuring their staff are aware of this phishing scam.
If you think you may have submitted your UBC CWL or login account credentials to an illegitimate site, go to myAccount to change your password immediately. Also, please forward a copy of the email including full headers to email@example.com and advise of the possible breach of your account.
By Breeonne Baxter on April 24, 2014
For HR Administrators
In recent weeks, some UBC email accounts have received fraudulent email messages, attempting to gain UBC login credentials. If you think you may have submitted your UBC CWL or login account credentials to an illegitimate site, go to myAccount to change your password immediately. Also, please forward a copy of the email including full headers to firstname.lastname@example.org and advise of the possible breach of your account.
See some examples of recent phishing messages at http://it.ubc.ca/services/security/ubc-information-security-office/phishing.
“Phishing” is the act of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in email communications [Source: Wikipedia]. At UBC, recent fraudulent emails have been circulating asking for CWL information. UBC IT, nor any other UBC entity, will ask for your CWL information through email.
UBC IT has a procedure in place if you, your staff or you faculty receive a suspicious email. Visit http://it.ubc.ca/services/security/ubc-information-security-office/phishing to learn how to report a suspicious email, or to read about recent phishing attempts on UBC servers.
Information security is everyone’s responsibility. Educate yourself about helping to keep the information safe for everyone in the UBC community, by visiting the UBC Information Security Office‘s homepage.
By Breeonne Baxter on April 10, 2014
For the HR Community of Practice
CTLT presents Debunking Digital Myths: Online Tracking
Summary: This interactive session outlines the issues of website tracking and online privacy, and how these concepts continue to evolve with the advent of new technology and applications. Participants are provided with basic information on how cookies work, why their online activity may be being tracked and by whom, as well as strategies for maintaining privacy online. Bring your own laptop and lunch!
Date: April 17, 2014
Time: 12:00 p.m. to 1:00 p.m.
Location: Irving K. Barber Learning Centre – Lillooet Room, 301
By Breeonne Baxter on January 16, 2014
Please share this with your staff and faculty
International Data Privacy Day is held every year on Jan. 28 to promote privacy and data protection around the world. This year, UBC will mark this event with an awareness campaign covering privacy issues in sensitive areas, such as research, teaching and advising, development and alumni relations, and Canada’s new anti-spam legislation. Information about this campaign will be posted on UBC’s Access and Privacy Webpage over the coming weeks.
In our increasingly networked world, privacy and information security has never been more important. All staff and faculty members should be familiar with the basic privacy concepts outlined in UBC’s Access and Privacy Guide. Also, University has issued a summary of the most common Privacy Pitfalls facing staff and faculty of the University.
If you have any questions, email email@example.com.