If you’ve logged on to Canvas recently, you’ve probably noticed the malware and phishing scam alert linking to a UBC IT bulletin from September 14.
The bulletin warns students of the OneClass Chrome extension, stating that it is malware —malicious software — and has significant risk to students’ personal information should they have it installed.
In addition, UBC IT warns non-users of the extension about phishing emails that have been sent out via this malware through Canvas, inviting others to sign up for a OneClass account through a referral link.
“Hey guys & girls!
Just wanted to let everyone know that you can find study guides and notes for your courses here! Thought I’d share ?
<URL removed>
Good luck studying!“
There have been reports of similar phishing attempts — emails purporting to be from a classmate inviting others to sign up for OneClass — targeted at UBC students in the past both on Facebook and Connect.
It is currently not known exactly what personal data was compromised by this malware and how many students were affected. However, UBC IT asks students who previously installed the OneClass Chrome extension to head over to the bulletin for remediation instructions.
Linda Ong, director of communications at UBC IT, declined to comment on the breach, stating that “this matter is still under investigation.”
The UBC Cybersecurity Team did provide some tips to better spot phishing and malware attempts. They include being cautious of third-party browser plugins that purport to offer “free” notes for upcoming exams, keeping critical software on your computer updated, not reusing passwords between UBC services and other websites, and using a password manager to track credentials where possible.
The Ubyssey did not receive a comment from OneClass despite multiple requests.