Phishing via Teams
Phishing is generally conducted from emails; however, UBC has faced its first case of Phishing via Teams. Claiming to be part of UBC’s IT support team, a cybercriminal attempted to convince a staff member to share their screen and allow remote control. These “Living off the Land” (LOTL) attacks are a type of cyberattack that relies on already installed software (Teams) to carry out malicious activity, making it harder to detect.
Fortunately, the staff member realized something was off and reported the situation. The Cybersecurity team was then able to contain the threat.
Fake Invoice
Sixteen staff members reported receiving fake invoices from cybercriminals impersonating UBC members. At a glance, these fake invoice pdfs were indistinguishable from real invoices.
What can I do to protect myself?
- Be cautious of unsolicited requests: Legitimate UBC IT staff will never ask you to grant remote control of your screen through Teams or any other platform without prior communication.
- Check who you’re talking to: If someone claims to be IT support, double-check their email address or Teams profile before responding.
If you’re unsure, contact IT directly through official channels.
- Report suspicious activity right away: If something feels off, trust your instincts. Report it immediately to UBC Cybersecurity at security@ubc.ca. Quick reporting is often the difference between stopping an attack and a successful compromise.
