Edie Kratz, a faculty member at Queen鈥檚 University, starts her day by checking emails. One message immediately grabs her attention:
Subject: 鈥淚mportant - Action Required: Complete Your MyHR Annual Verification鈥
The email looks official, using the Queen鈥檚 logo and color scheme. It claims that Edie must update her personal information in MyHR or risk losing access to her pay statements. The message includes a big 鈥淰erify Now鈥 button and warns:
鈥淔ailure to complete verification in 24 hours will result in restricted access to your account.鈥
Feeling pressured, Edie clicks the link. The page looks convincing at first glance, but it鈥檚 not the real my.queensu.ca portal - though in a rush, she enters her NetID and password.
Seconds later, Edie鈥檚 phone buzzes with an MFA approval request. Thinking it鈥檚 part of the normal login, she taps Approve without hesitation.
That one click gave attackers full access to her account.
Within minutes, the scammers log into Edie鈥檚 Queen鈥檚 account, update her direct deposit details, and try to reroute her pay.
Edie realizes something is wrong when she notices another MFA notification she didn鈥檛 request. Alarmed, she contacts IT Support immediately, and resets her credentials. The IT team locks her account before further damage occurs.
Later, Edie reflects on what happened and learns key lessons about safe browsing and social media use:
- Never click links from unexpected emails - even if they look official.
- Always check the URL: the real MyHR portal is accessed through my.queensu.ca.
- If you receive an MFA prompt you didn鈥檛 request, deny it and contact IT Support immediately.
- Be cautious with personal info online - scammers often gather details from social media to make phishing more convincing.
Key Takeaways:
- Don鈥檛 let urgency trick you. Queen鈥檚 will never threaten to disable accounts in 24 hours.
- MFA fatigue attacks are real. Never approve an MFA request you didn鈥檛 initiate.
- Report incidents fast to IT Support or email phish@queensu.ca.
The Dangers of Social Media
Many of us share aspects of our personal lives on social media, but it's important to remember that cyber threats like phishing scams also exist on these platforms. Remain vigilant when connecting with people through social media, whether you know them in real life or not. Here are a few ways to protect yourself from phishing scams on social media:
- Learn to spot a phishing scam and don鈥檛 click on those unknown links
- Identify a fake friend request and always double check before accepting a 鈥渘ew鈥 friend
- Ignore contests and giveaways that you never signed up for or participated in
- Be mindful of all urgent requests from a friend or family and verify the authenticity of any message by contacting the requestor via another method (such as a phone call)
Social media allows us to connect to others both locally and across the globe, but cyber criminals try to exploit these connections and steal from us. By knowing the signs of cyber threats on social media and how to protect yourself and your accounts, you will be able to connect safely with family and friends.
How Can You Use Social Media Safely?
Think Before You CLICK
Julie receives a message offering a 鈥渟pecial version鈥 of her favourite app. She clicks the link, enters her credentials, and installs the software. Unfortunately for Julie, she just fell for a phishing scam. Scammers now have total access to her device and data.
Don't be like Julie. Instead;
- Never trust unexpected social media messages.
- Don鈥檛 click unknown or unexpected links.
- Only download and install software from verified sources.
- If it sounds too good to be true, it probably is.
Think Before You SHARE
Mark recently live-streamed a party from the office. Unfortunately for Mark, he didn't adjust the security settings on his account and accidentally broadcast proprietary information to the entire world. Also, since geotagging was still on, scammers know the exact time and location of his every picture and post and can easily target him.
Don't be like Mark. Instead;
- Don鈥檛 assume default security settings protect you. Set your information to private where possible.
- Don鈥檛 give away sensitive or confidential information.
- Review and update security and privacy settings quarterly.
- Turn off geotagging to keep your location information private.
- Only share with intended viewers.
Think Before You CONNECT
Tina accepts all connection requests - even from people she doesn't know. She recently connected with her CEO and has been sharing work-related, proprietary information using private messages. Unfortunately, Tina is the victim of a fake profile. Scammers use fake profiles to access information and harm organizations.
Don't be like Tina. Instead;
- Don鈥檛 blindly accept connection requests.
- Don鈥檛 assume the connection is real.
- Don鈥檛 use social media to send sensitive information.
- If a request seems suspicious, verify by contacting the person directly.
- Periodically review and remove unnecessary connections.
Other Resources
This Week's Challenge
Test your knowledge with our safe browsing quiz. Note that you will be prompted to log in with your NetID and password. When you're ready, click the link below to begin the quiz.
This quiz will collect your name, Queen's email address, and NetID to notify winners of where and how to redeem their prize. Your data will not be shared with any other party or used for any other purpose.