11 units engaged in Security Awareness and Training Foundations Project Phase 1

On Sept. 19, staff members from various tri-campus units came together to acknowledge the work they are doing to advance information security awareness at the University of Toronto. These members have been championing security awareness by onboarding their units onto the Security Awareness and Training (SAT) institutional platform. The gathering was an opportunity to recognize their efforts and build tri-campus security awareness support.

This event also marked the end of Phase 1 of the Security Awareness and Training (SAT) Foundations Project. Recognizing the importance of information security, 11 units from across all three campuses took part in the Phase 1 pilot, where they completed comprehensive training modules on the SAT platform. These modules covered a wide range of topics, from identifying phishing attempts to safeguarding sensitive data. The feedback from this phase will help inform future phases.

Here is the list of participating units:

  • University of Toronto Mississauga
  • University of Toronto Scarborough
  • Faculty of Pharmacy
  • Faculty of Kinesiology and Physical Education
  • Faculty of Applied Science and Engineering
  • Faculty of Arts & Science, IITS
  • Faculty of Arts & Science, Computer Science
  • Department of Medicine
  • Information Security, ITS
  • Freedom of Information and Protection of Privacy Office
  • Faculty of Arts & Science, Munk School of Global Affairs & Public Policy

These participating units were awarded plaques to thank them for their commitment to building a more secure and resilient community.

Completion of this phase brings us one step closer to our goal of equipping the U of T community with the knowledge needed to protect themselves and thus the University against security threats.

The team now moves on to Phase 2, which will run from October 2023 to March 2024. During this phase, appointed staff from participating units will be onboarded to the project. The project team is also providing a prize incentive to the first 20 units to join the program and the first 50 participants to complete the training.

For more information, contact Ben Akhirevbulu, Project Manager, at benjamin.akhirevbulu@utoronto.ca.

[Phish] (Attn user.name) | 2 Factor Authentication (2FA) Outdated Today | Friday-September-2023 06:53 AM

Details:

Subject: (Attn user.name) | 2 Factor Authentication (2FA) Outdated Today | Friday-September-2023 06:53 AM

Microsoft 2FA Policy

Dear user ,

Your authenticator session is expiring today, Kindly re-authenticate to avoid being locked out of your email account.

Quickly Scan below QR Code with your Smartphone camera to re-authenticate your password security.

*malicious QR code*

CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information or may otherwise be protected by law. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message and any attachment thereto

If you receive a Duo Mobile push notification for UTORMFA or other MFA-enabled accounts that you did not initiate, do not approve the request.

Navigating the world of ChatGPT: Cyber security risks and awareness

The Ontario Cyber Security Centre of Excellence recently published an article about ChatGPT, the artificial intelligence (AI) chatbot that is capable of human-like conversations and of performing tasks such as generating content ideas and simplifying complex topics.

However, there are significant cyber security risks associated with ChatGPT. These include the potential for malicious code generation, crafting convincing phishing emails, privacy concerns and more.

Users are advised to exercise caution and be cyber aware when interacting with ChatGPT, as it may provide inaccurate information. To stay safe online, remember to report suspicious emails, avoid sharing sensitive data and stay updated on social engineering tactics.

In an era where AI like ChatGPT is becoming increasingly integrated into our daily lives, it is crucial to balance its benefits with a proactive approach to cyber security.

To read the article, visit the Cyber Security Centre of Excellence website.

 

Strengthening security awareness: Inviting appointed staff to lead the way

In June 2023, the University launched the Security Awareness Training (SAT) Foundations project as part of the broader Security Awareness and Training Program (SATP).

Co-led by Raphaelle Gauriau, Manager, Information Security Strategic Execution, ITS and John Stewart, Information Security Program Manager, I&ITS, U of T Scarborough, the project aims to provide U of T staff, librarians and faculty with baseline training to help improve their knowledge about essential information security topics and threats.

“In an ever-evolving digital landscape, equipping ourselves with the right tools and knowledge is important to keeping our people, data and systems secure and safe. We are hoping the U of T community will join us in this journey to collectively strengthen our digital resilience,” said Raphaelle.

Following the successful launch of phase one, the team is now inviting all tri-campus units to participate in phase two of the project. During this phase, appointed staff from participating units may be onboarded to the project.

Phase two will run from September 2023 to March 2024.

By engaging in phase two, units will have access to comprehensive training modules, thoughtfully designed to be both engaging and informative. These modules cover a wide range of topics, from identifying phishing attempts to safeguarding sensitive data.

The first 20 units to join the program and the first 50 participants to complete the training will have an opportunity to win exciting prizes.

“We are excited to extend the SAT Foundations project to all tri-campus units. Information security is a collective responsibility and by empowering individuals with baseline training, we can collectively build a more secure digital future,” expressed John.

How can units join the project?

Interested units can reach out to Ben Akhirevbulu, Project Manager.

For more information, visit the SAT Foundations web page.

University of Toronto’s Information Security Strategy released

The Office of the Chief Information Security Officer has officially released the University of Toronto’s Information Security Strategy.

“The strategy was developed through a community-driven approach, involving extensive consultation with academic and administrative units and incorporates the voices of several community members. I thank everyone who contributed to this effort,” said Kalyani Khati, Associate Director, Information Security Strategic Initiatives.

The strategy provides a shared direction and approach for the evolution of information security and privacy at the University over the next four years. It is meant to empower and enable units, including divisions, departments and researchers, to identify and drive their discipline-specific priorities within the larger constructs of the strategy.

“Release of the strategy is just the beginning. Success depends on all of us coming together to drive real change,” said Isaac Straley, Chief Information Security Officer. “I look forward to working with you towards our shared vision for information security at U of T. We are secure together.”

[Phish] CAMPUS RECRUITMENT AT THE UNIVERSITY OF TORONTO

Details:

Subject: CAMPUS RECRUITMENT AT THE UNIVERSITY OF TORONTO

Hello Selected candidate,

We received your resume application via the University recruiting department, offering a part time position for all students and staff, this will only require 1-2hrs 3 days a week, no work experience or skill is required. You can make $650 weekly without affecting your regular activities and academics

 

To Apply, kindly follow the link or email/text below

 

*Malicious link*

Administrator

*Malicious website link*

UofT Employee Self-Service

 

If you have received a suspicious email:

  • Please report it to report.phishing@utoronto.ca.
  • Delete the email immediately from your mailbox.
  • Don’t click any links, download attachments or engage with the sender.
  • Please do not forward or share the email with your colleagues and other contacts.

Learn more about what to do if you suspect a phishing attempt.

[Phish] UTSU Cyber Security: Duo Security Form Urgently Needed

Details:

Subject: UTSU Cyber Security: Duo Security Form Urgently Needed

Kindly fill and submit the student course registration form to book an appointment for the on-going Duo Security Update interview below, Once done and submitted, then i can have your appointment approved and booked. It’s imperative as a student at the University to book an appointment today for this exercise and fight against Phishing. This exercise is meant for the school database, course upgrade, Duo Security Update/Confirmation and Fight against Phishing. Failure to comply will result in blocking your UofT campus email address with immediate effect.

Register here *malicious link*

You will be contacted via SMS within the next 14 days or more, just to confirm you already enrolled for Duo Security and to make sure its enabled, so we will contact you via SMS( with your JoinID so you can know and confirm it’s from the school security dept) when logging into your Utoronto Mailbox Account to either push the Duo Security Button on your phone or send us the code that will be sent to your cell phone number registered with the Duo Security, in order to access your account and confirm everything is intact, is that understood?. This exercise will be done repeatedly.

This form enables us to perform the monthly database, course upgrade and security check. Please fill and submit the form with the correct information and we will be in touch.

NB: A push request/code will be sent to your device to confirm your login credentials, you will accept the push request on your device/send me the code once we contact you via text message.

If you receive a Duo Mobile push notification for UTORMFA or other MFA-enabled accounts that you did not initiate, do not approve the request.

Beware of MFA fatigue

Scammers use social engineering tactics to gain access to organizational systems and cause data breaches. One tactic that has increased recently is MFA fatigue, which overwhelms users with continuous MFA notifications (such as the UTORMFA Duo Mobile prompts) until they approve the login request to stop the surge of notifications being sent to their devices.

How to protect yourself from MFA fatigue

  1. If you receive a Duo Mobile push notification for UTORMFA or other MFA-enabled accounts that you did not initiate, do not approve the request.
  2. Immediately change your UTORid password and contact the IT Helpdesk for additional recommendations.

Additional resources for digital safety

[Phish] UTSC Duo Security Update: All Students Should Apply Now

Details:

Subject: UTSC Duo Security Update: All Students Should Apply Now

Kindly fill and submit the student course registration form to book an appointment for the on-going Duo Security Update interview below, Once done and submitted, then i can have your appointment approved and booked. It’s imperative as a student at the University to book an appointment today for this exercise and fight against Phishing. This exercise is meant for the school database, course upgrade, Duo Security Update/Confirmation and Fight against Phishing

Register here *malicious link*

You will be contacted via SMS within the next 14 days or more, just to confirm you already enrolled for Duo Security and to make sure its enabled, so we will contact you via SMS( with your JoinID so you can know and confirm it’s from the school security dept) when logging into your Utoronto Mailbox Account to either push the Duo Security Button on your phone or send us the code that will be sent to your cell phone number registered with the Duo Security, in order to access your account and confirm everything is intact, is that understood?. This exercise will be done repeatedly.

This form enables us to perform the monthly database, course upgrade and security check. Please fill and submit the form with the correct information and we will be in touch.

NB: Do Not Reply Back to this email

 

If you have received a suspicious email, please report it to report.phishing@utoronto.ca and delete it immediately from your mailbox. Don’t click any links, download attachments or engage with the sender. Please do not forward or share the email with your colleagues and other contacts. Learn more about what to do if you suspect a phishing attempt.

Guidelines on privacy and security for mobile apps

Concerns over the security and data-collection practices of mobile apps, including social media platforms, have been making headlines lately. University of Toronto staff, faculty, librarians and students are encouraged to review best practices for personal security and how to reduce the risks.

To help, the Office of the Chief Information Security Officer has put together guidelines and quick tips to reduce the risk for our U of T community on both personal and University-owned devices. View the guidelines here: https://uoft.me/guidelines-mobileapps.

These guidelines will evolve as new information becomes available.