The UFV Cybersecurity team has been made aware of a social engineering scam targeting UFV employees and students. This scam attempts to gain access to your employee or student account.
The scam typically starts with a phishing email that links to a Google Form; it asks for your password, phone number, and sometimes other personal details. Because UFV accounts are protected with multi-factor authentication (MFA), the attacker needs more than just your password. Next, they will contact you on your personal phone (often claiming to be UFV IT Services) to get you to approve the fraudulent login request or give them your MFA code. Doing so will give the attacker full access to your account.
What do I need to do?
To avoid this scam, keep these tips in mind:
- UFV and IT Services will never ask you for your password or MFA codes
- Never put your password or MFA codes into a web form, email, or text message
- Instead of SMS (text message) verification, use a strong MFA method such as the authenticator app or a security key
- If something feels strange, or you receive a message you aren’t sure about, don’t hesitate to contact the IT Service Desk at itservicedesk.ufv.ca or by email itservicedesk@ufv.ca or call us on local 4610 or 604-864-4610
Who is impacted?
All UFV employees and students.
Still need more info?
If you have any questions, please contact the IT Service Desk at itservicedesk.ufv.ca, email itservicedesk@ufv.ca or call us on local 4610 or 604-864-4610.
Comments are closed.