Malicious email: Beware of emails with MS OneNote attachment
The education network is currently facing a large wave of fraudulent emails with a Microsoft OneNote attachment containing Qakbot malware. The impact of an infection by this malware is high, so the IT Information Security department has taken the precaution to block emails containing these attachments when they originate from an external source (e.g. come from a non-McGill email address).
We recognize that there will be cases where people may need to receive legitimate OneNote files from external sources who do not have a McGill email address. As a workaround, we recommend you:
- create a folder in your OneDrive where the file(s) should be stored. Make sure to remove access once you no longer need to collaborate with them. For more information, see Sharing a document with Microsoft 365 – choosing the right solution;
- ask the sender to use alternative Share or Export features offered by OneNote. Learn more here: Sharing OneNote notebooks.
If you have received such an email before the block came into effect : DO NOT open the attachment and delete the email immediately.
As a general rule, ALWAYS BEWARE of any email containing links or attachments coming from unknown individuals or organizations.
These scams are fraudulent attempts to gain access to your personal information, or steal your McGill credentials for further malicious use. If you already clicked on a fraudulent link or attachment and submitted any personal information, you should call the IT Service Desk at (514) 398-3398 as soon as possible. If no one is available to take your call you should change your McGill Password immediately. See the McGill Password Reset Checklist for instructions. It is still important to follow up with the IT Service Desk after resetting your password to ensure that all the necessary actions have been taken.
You can quickly report a suspicious email by using the Report Message, Report Junk, or Report Phishing buttons in any Outlook app, including Outlook on the web (https://outlook.com/mcgill.ca).
Note: If the email is already in your Junk Email folder, you do not need to report it.
For more details, see Report suspicious emails.
