Jan 4, 2017

OneClass Easy Invite Chrome Extension

We have discovered a problem with something called the OneClass Easy Invite Chrome Extension which may result in the theft of any username and password you use for websites and services, including Blackboard and other university and/or commercial/community services.

If you receive an email soliciting enrolment in OneClass, do not click on any links or buttons, and delete the email.

The email may have included a link to install the OneClass Chrome Extension. During the installation, the user is prompted to accept permissions to “read and change all your data on the websites you visit.” If you accepted, a fake button will be created within the Blackboard Portal to “Invite your Classmates to OneClass.” If the button is clicked on, the extension will also attempt to send an email to everyone in your class to promote the OneClass extension.

A copy of the phishing email is below:

“Hey guys, I just found some really helpful notes for the upcoming exams for courses at UofT. I highly recommend signing up for an account now that way your first download is free!”

If you have previously downloaded and installed the OneClass Easy Invite Chrome Extension, you should immediately cease using your Chrome browser. Then, using a different browser (e.g., Safari, Internet Explorer, Firefox, etc.), you should change all of your passwords for any services (Blackboard, your online bank account, credit card, email, Facebook, etc.) that you accessed using your Chrome browser with that extension installed.

To change your UTORid (Blackboard) password, please visit: https://www.utorid.utoronto.ca/

To remove the extension:

 1. Open up your Chrome Browser
 2. Select the 3 vertical dots in the top right-hand corner
 3. Select Settings
 4. Select Extensions in the top left-hand corner
 5. Click the Trashcan beside the “OneClass Easy Invite” extension
 6. Select Remove on the Confirm Removal Popup
 7. Close all Chrome windows and go back to the Extensions page to verify the extension has been removed (Steps 1-4)
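
The permission prompt quoted above and the check in step 7 can also be confirmed on disk. The Python script below is an added example, not part of the original advisory or of any OneClass or university code: it reads every installed extension's manifest.json under a Chrome profile directory (the "Profile Path" shown on chrome://version) and lists extensions that request all-sites access or whose name contains the assumed fragment `oneclass`. The function names and the sample manifest are constructed for illustration.

```python
import json, sys, tempfile
from pathlib import Path
# Host patterns that produce the "read and change all your data" install prompt.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
WATCHED = "oneclass"  # assumed name fragment, from the advisory's wording

def display_name(ext_dir, manifest):
    """Resolve the extension name, following __MSG_key__ localisation."""
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        locale = manifest.get("default_locale", "en")
        try:
            path = ext_dir / "_locales" / locale / "messages.json"
            msgs = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            return name
        for key, value in msgs.items():  # message keys are case-insensitive
            if key.lower() == name[6:-2].lower():
                return value.get("message", name)
    return name

def broad_hosts(manifest):
    """All-sites patterns requested via permissions or content scripts."""
    hosts = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    for script in manifest.get("content_scripts", []):
        hosts = hosts + script.get("matches", [])
    return sorted({h for h in hosts if isinstance(h, str) and h in BROAD})

def scan_profile(profile_dir):
    """Return (id, name, all-sites patterns) for extensions worth reviewing."""
    findings = []
    for mf in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        try:
            manifest = json.loads(mf.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable manifest: skip it, keep scanning
        name, broad = display_name(mf.parent, manifest), broad_hosts(manifest)
        if broad or WATCHED in name.lower():
            findings.append((mf.parent.parent.name, name, broad))
    return findings

if __name__ == "__main__":
    root = Path(sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp())
    if len(sys.argv) == 1:  # no argument: build a constructed sample profile
        ext = root / "Extensions" / "sampleid" / "1.0_0"
        ext.mkdir(parents=True)
        (ext / "manifest.json").write_text(
            '{"name": "Sample (constructed)", "permissions": ["<all_urls>"]}')
    print(*scan_profile(root), sep="\n")
```

Many legitimate extensions also request all-sites access, so a listed entry is something to review, not proof of compromise. Manifests that fail to parse are skipped, so still confirm removal on the Extensions page as in step 7.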