Don't get scammed: Cybersecurity tips from UWindsor's IT experts

When asked whether people take cybersecurity seriously enough, IT expert Marcin Pulcer chuckled to say, "No."

Experts say even those who are tech-savvy can get tricked

A phishing scam to look out for

2 months ago
Duration 1:41
Security expert Kevin Macnaughton explains how to spot a phishing scam. 1:41

When asked whether people take cybersecurity seriously enough, IT expert Marcin Pulcer chuckled to say, "No."

That's something he hopes to change. 

Pulcer, the assistant director of IT at the University of Windsor, explains that his team is constantly trying to equip the campus community and the public at large with tools and knowledge to protect themselves from potential online threats and people who want to cause harm. 

"Oftentimes, these people are ... their full time job is trying to swindle people on the internet," he explained.

From email phishing attacks, to phone scams, Pulcer said people need to be very aware. They can come in the form of emails, text messages, ads, and so on.

"We've had very smart, very tech-savvy people get caught by these types of errors.... I don't want to call it a human error. Just, you know, tricked," he said. 

A popular gift card scam

While the volume of attacks remains consistent, Pulcer said they're always seeing new types of attacks. 

This is an example of a popular gift card scam Kevin Macnaughton refers to. It displays three of the key factors to look out for when identifying a scam: unexpected, urgent and inconsistent. (Submitted by Marcin Pulcer)

Of late, a popular scam is one in the form of a gift card prize offer.

"The gift card scam is actually really popular," explained Kevin Macnaughton, the team lead for security at the university.

"It was the sort of scam-de-jour of 2020, and it's continued into 2021."

In one example, it looks as though a company like Amazon is emailing the recipient, urging them to act quickly in order to win a $500 gift card — but as Macnaughton points out, there are clues that reveal it's a scam. 

The offer is something unexpected (like a gift card reward), it's urgent (asks you to take action immediately), and inconsistent (unusual content).

Macnaughton points to the Amazon example where in one email, the subject line offers a $500 gift card, but in the body of the message, it's $1,000. Furthermore, once clicking on the link (which Macnaughton warns you should never do), the "z" in Amazon is reversed which is referred to as a "look-alike fake" scam.

These inconsistencies and errors are done on purpose, he explained. 

"They intentionally make mistakes because they want people who don't pay attention to be the ones that fall for it," he said.

"As soon as you see those three clues, you then think the message is suspicious and so you don't click any links or any buttons in the message. All you do is delete it."

Change your password, be aware

However, if you do click the link and realize what's happening, report it immediately, either to your business' IT department, or police in more serious cases, Macnaughton said. 

The university has a web page with information on cybersecurity, plus a tutorial for faculty and staff, but the resources are available to the public as well. 

A surprising scam

2 months ago
Duration 1:14
The University of Windsor's Assistant Director of Information Technology shares a story of a recent scam that took place on campus. 1:14

Pulcer explained that it's important to use unique passwords, different passwords for different websites, and multi-factor authentication — even when it's not convenient.

Not taking these things seriously can lead to heavy consequences, Pulcer explained.

Privacy leaks and loss of money are some of the more obvious ones, but Pulcer added that consequences to your reputation can also occur. 

For example, someone could access your social channels and post something private that could cause damage. 

At a university, research could be stolen. Pulcer said that it's only happened in "small pockets" at the University of Windsor, with no major incidents so far.

This is another example of a phishing scam, where a recipient is urgently being asked to take a survey in order to access a reward, under the guise of a familiar brand. (Submtited by Marcin Pulcer)

Pulcer's IT team receives 200 work tickets a day, with 10 per cent of them security-related. About 200 times a year they deal with compromised accounts, with about a quarter of those leading to significant issues. 

"Having an opportunity to talk about this hopefully affects the Windsor-Essex community as well. And you know, we're able to stop at least one potential incident out there, would be great," Pulcer said.

Macnaughton explained that the university does have anti-span technologies in place to block huge amounts of these scams, but some still leak through, which is why each person needs to be the last line of defence. 

"Technology can't do everything."


Katerina Georgieva is a multi-platform journalist with CBC Windsor. She has also worked for CBC in Toronto, Charlottetown, and Winnipeg.