The UFV Cybersecurity team has been made aware of a social engineering scam targeting UFV employees and students. This scam attempts to gain access to your employee or student account.
The scam typically starts with a phishing email that asks you to scan a QR code to re-authenticate and verify your MFA or 2FA. Once you scan the code using your phone, it takes you to a malicious webpage asking for your password, phone number, and sometimes other personal details. This is all done because UFV accounts are protected with multi-factor authentication (MFA); the attacker needs more than just your password.
Next, they will contact you on your personal phone (often claiming to be UFV IT Services) to get you to approve the fraudulent login request or give them your MFA code. Doing so will give the attacker full access to your account.
In other cases, once the scammer has phished your personal phone number through other means, they will reach out via SMS (text message), creating an urgency to verify your UFV account and threatening the termination of your account.
What do I need to do?
To avoid this scam, keep these tips in mind:
- UFV and IT Services will never ask for your password or MFA codes.
- Never put your password or MFA codes into a web form, email, or text message.
- Instead of SMS (text message) verification, use a strong MFA method such as the authenticator app or a security key.
- If something feels strange, or you receive a message you aren’t sure about, don’t hesitate to contact the IT Service Desk at itservicedesk.ufv.ca or by email itservicedesk@ufv.ca or call us at local 4610 or 604-864-4610.
Who is impacted?
All UFV employees and students.
Still need more info?
If you have any questions, please contact the IT Service Desk at itservicedesk.ufv.ca, email itservicedesk@ufv.ca or call us on local 4610 or 604-864-4610.
Comments are closed.