March 19, 2020 – special advisory on phishing messages

In response to the rapidly changing COVID-19 situation, the University has seen an increase in targeted phishing attacks and scams. These attempts are becoming more sophisticated and polished.

Some of these messages are crafted to look like urgent appeals to help with COVID-19 responses or appear to have the signature of a senior leader at the University of Toronto. This includes messages seemingly from high-level University administrators, executives, and managers within academic and administrative units.

Recent targeted phishing attempts include:

  • Requests for COVID-19 money donations or app downloads that look like information sharing;
  • Warning messages that appear to come from leaders/managers stating that your email, library or other U of T email account is about to expire; and
  • Requests from senior leadership asking for immediate help (“Are you available?”), followed up by an unusual request (“Can you go get me some gift cards?”).

Be aware of incorrect email addresses and subject lines with a sense of urgency, for example:

What to do if you suspect a phishing attempt:

  • If you suspect your password may have been compromised, immediately change it;
  • Report phishing messages to report.phishing@utoronto.ca; and
  • When in doubt or if you opened an attachment that was provided in a phishing email, reach out to your local IT service desk immediately.

Thank you for your support as we work together to keep our tri-campus community members safe and University-related online information secure.

Thank you,

Isaac Straley
Chief Information Security Officer (CISO)

Jan. 27, 2020 – CRA scam targets university communities

I am writing to advise you of an email scam circulating from what appears to be the Canada Revenue Agency (CRA). This current scam is targeting students, faculty and staff at universities across the country. It states that a tax credit is owing to the recipient and requests a response in order to receive the refund.

Given that we are in the midst of tax season, more of this type of activity may appear in the coming weeks and months. While the Information Security team and your local IT are working together to reduce the amount of scam emails you receive, it’s recommended that everyone remain vigilant when dealing with electronic communications.

If you are concerned that you may have shared your personal information (e.g., social insurance number (SIN) or credit card number) with a scammer, the CRA advises you contact the police. If your SIN has been stolen, you should also contact Service Canada at 1-800-206-7218. Visit their website for more information: www.canada.ca/en/employment-social-development/services/sin.html.

If you are concerned that you have shared banking information, please contact your bank.

What to do if you suspect a phishing attempt/attack…

  • If you suspect your password may have been compromised, immediately change it.
  • If you receive a phishing message(s) and are using U of T Office 365/UTMail+, please report it using the “report message” function in your inbox. Otherwise, please report it to: report.phishing@utoronto.ca
  • When in doubt about the legitimacy of an email, call or ask the sender in person to confirm if they sent the email.
  • If you opened an attachment that was sent in a phishing email, reach out to your local IT service desk immediately.

Thank you for your support as we work together to keep everyone safe and secure online.

Isaac Straley
Chief Information Security Officer
University of Toronto

July 26, 2019 – special advisory on phishing messages

Recently, the University of Toronto (U of T) has seen an increase in targeted phishing attempts and attacks. These phishing attempts and attacks are becoming more sophisticated and polished. Some of these emails are crafted to look like urgent appeals for action from the signature of U of T leadership, including from high-level University executives, leaders and managers within academic and administrative departments. This includes fraudulent emails that appear to be sent from President Meric Gertler. U of T leaders’ signatures are being copied (from legitimate emails), and their sign-off phrases and writing styles are also being mirrored and used by cyber criminals.

Recent targeted phishing attempts/attacks include:

  • Urgent emails with memos attached from leadership
  • Warnings that appear to come from leaders/managers that your email, library or other U of T account is about to expire
  • Requests for immediate help (“Are you available?”), followed up by discussion (“Can you go get me some gift cards?”)
  • Requests for changes to financial arrangements, especially banking or payment to creditor

Look out for incorrect email addresses and a sense of urgency

An example of email headers with incorrect addresses and a subject line with a sense of urgency

What can you do if you suspect a phishing attempt/attack?

  • If you suspect your password may have been compromised, immediately change it
  • Please report phishing messages to report.phishing@utoronto.ca
  • When in doubt, call or ask the sender in person to confirm the email was really from them
  • If you opened an attachment that was provided in a phishing email, reach out to your local IT service desk immediately

Thank you for your support as we work together to keep all of us and our information safe and secure online.

Sincerely,
Isaac Straley
Chief Information Security Officer (CISO)
