Microsoft Teams users: watch for impersonation phishing attack

Microsoft (MS) Teams users should be weary of an impersonation phishing attack that is currently circulating. The attack mimics message notifications from the popular communication platform in order to steal Office 365 credentials from unsuspecting users.

The phishing email is usually sent from the display name, “There’s new activity in Teams,” which gives the appearance of a legitimate automated notification from the MS Teams platform. The email falsely notifies the recipient that they have unread messages and prompts them to respond by clicking on the “Reply in Teams” button embedded in the email.

The user is then taken to a fake Microsoft login page where they are prompted to enter their credentials before being able to view the message. These fake Microsoft login pages are said to be well-crafted and therefore very convincing to the end user. Some have even been reported to contain the name “microsftteams” in the URL.

Users can protect themselves from this attack by:

  • Not clicking on link/button in the email if you are unsure. Instead, go directly to the MS Teams app, or log into Teams via your web browser, to read any messages. If the message in the app or browser does not replicate the message notification received by email, then it is highly likely the email was a phishing attempt.
  • Ensuring multi-factor authentication (MFA) is set up for their Office 365 account; for University of Toronto faculty and staff, this is UTORMFA. For more information on how to set up UTORMFA, please visit:

If you suspect you have received a phishing email like the one described here, please report it to

Refresh your security practices with ITS’ resource collection

The University of Toronto (U of T) community has access to a variety of resources and educational materials on the topic of cyber security. Staff, faculty and students are encouraged to use these resources to help spread awareness and educate themselves on cyber security best practices for their workspace (at home or in the office), classroom or academic space.

Interested parties can access this collection of digital materials on the Security Matters Resource page to download quick facts, tip sheets, PowerPoint templates and other shareable, printable materials. Included in this collection are Cyber Security Awareness Month (CSAM) 2020 resources from U of T and the Ministry of Government and Consumer Services.

The growing resource collection covers fundamental cyber security best practices such as:

  • Best practices for keeping your devices secure
  • Safe account and password management
  • Phishing and identity theft awareness
  • Managing your digital footprint
  • Setting up your social media privacy settings
  • Maintaining a secure digital and physical workspace
  • Securing your data while travelling

Browse through the defined sections in the navigation tab for specific resources:

For more information on how you can incorporate these resources into your personal and work life, find us at

Enrol in UTORMFA to protect your accounts and data

If you have ever banked or shopped online, you may already be familiar with MFA — or two-factor authentication (2FA). MFA is a security enhancement that requires two different credentials before granting users access to an account (i.e., your password paired with a code sent to your mobile phone).

Now, a new MFA service — called UTORMFA — is available to University of Toronto (U of T) faculty, researchers, librarians and staff across the tri-campus community. It offers an extra layer of protection to accounts and data as well as enhances the institution’s overall cyber security posture. (See full list of benefits below).

In the context of U of T, MFA is currently in use in the form of an eToken to access HR and financial systems.

How to self-enrol in UTORMFA
U of T faculty, researchers, librarians and staff across the tri-campus community are invited to self-enroll in UTORMFA. For instructions, visit:

Test your campus security skills/knowledge and learn more about how UTORMFA can protect your accounts by playing the new UTORMFA BINGO game! When you complete a line, you are entered for a chance to win one of five $50 Amazon gift cards. Play now!

UTORMFA benefits
Overall, UTORMFA benefits include:

  • Extra security against weak/compromised passwords: In the event that an account(s) is compromised (i.e., hackers gain access to login credentials), UTORMFA will ensure attackers won’t be able to complete the second login step, preventing unauthorized access to account(s).
  • Protection against cyber-attack financial losses: According to IBM Security’s 2020 Cost of a Data Breach Report, data breach incidents cost companies $3.86 million per breach on average.
  • Potential for future technical innovations: Looking ahead, strengthening the University’s overall security posture will also result in more flexible implementations of new business processes and infrastructure solutions for the future


Take a look at the MFA infographic.

For more information, visit the UTORMFA website.

Get to know your Information Security Team: webinar panel

As part of Cyber Security Awareness Month (CSAM) 2020, the Information Security team is hosting a virtual panel discussion, open to University of Toronto (U of T) staff and faculty.

This webinar is an opportunity to meet and hear from Information Security team members who are working on important and innovative initiatives within Information Technology Services (ITS). Panelists will discuss their roles, provide updates on Information Security programs and explain how their collective efforts are impacting cyber security at U of T.

There will also be a Q&A period where attendees will have an opportunity to chat with the panelists and ask follow-up questions.

Panelists include:

  • Carl Chan, senior security information & events monitoring administration
  • Jason Chong, network security specialist
  • Brittani Holder, security analyst
  • Ashley Langille, information privacy analyst
  • Robin Wilcoxen, information risk program coordinator
  • Matt Wilks, senior identity & access management architect

The panel will be moderated by Rishi Arora, business process & information technology analyst, at U of T Mississauga. Additionally, attendees will have an opportunity to hear from the new Associate Director, Information Security, Deyves Fonseca.

Event information

Date: Oct. 21, 2020
Time: 11:00 a.m. – 12:00 p.m.
Location: Microsoft Teams

New program helps staff understand, manage and benchmark information risk

A new program — called Data Asset Inventory and Information Risk Self-Assessment (DAI-IRSA) — is launching this month to help University of Toronto (U of T) staff understand their data assets and information risks and work together to manage them.

Through a partnership between Information Security and Data Governance, DAI-IRSA supports units throughout their data governance and information risk management journey and within a common framework for identifying data assets and risks to those assets. Additionally, each unit’s contributions to this program helps the University understand the shared challenges related to data governance and information risk across the institution. “You can’t govern and protect what you don’t know you have,” explains Jeff Waldman, Manager, Institutional Data Governance, Planning and Budget.

Why is this program important to you?
The DAI-IRSA program provides a simple-to-use toolkit for units to describe their data assets and information risk, specific to their context, and lays the foundation for data governance and information risk management activities. Support is provided throughout the process in a format of the user’s choice, either through structured workshops or self-directed learning opportunities.

Attend the Oct. 28 launch event
A DAI-IRSA program launch event will be held virtually on Oct. 28 at 11 a.m., during which Information Security and Data Governance staff will host a discussion on the program overview and provide information on how to enrol. Consider attending if you are an administrative or IT manager, business officer, Information Security professional or IT professional. Register here.

To learn more about DAI-IRSA, visit or contact

Participate in CSAM: October 2020

The University of Toronto’s (U of T) Information Technology Services (ITS) has educational and fun activities planned for this year’s Cyber Security Awareness Month (CSAM) campaign (throughout October) to help raise awareness in the community about cyber security best practices.

Get the most out of this year’s campaign by taking part in:

Ask Me Anything

Do you have questions about how to protect yourself or your work environment against cyber threats? Do you want clarification on any of the Information Security programs promoted during CSAM 2020? If so, please share them using this form.

Your questions will be answered by the Information Security team and shared in an article once the 2020 campaign ends.

CSAM Trivia

At the end of each week — from Oct. 9 to Oct. 30 — a new set of trivia questions will be released. The questions will focus on the materials released that week and reference links will be provided. For each correct result, the participant will be entered into a raffle to win Amazon gift cards at the end of the month! Stay tuned for weekly announcements.


For a full list of CSAM 2020 activities, visit the events calendar.

Coffee with the CISO — register now!

Students, faculty and staff are invited to meet and engage in conversation with the University of Toronto’s (U of T) Chief Information Security Officer (CISO), Isaac Straley, at a virtual Coffee with the CISO event.

Straley joined U of T in 2018 and he holds the inaugural appointment of CISO at the University. As the CISO, he is responsible for providing strategic leadership and oversight of U of T’s information security and privacy programs. He leads senior technology managers and staff on securing University systems and data assets and implementing practices that meet U of T’s policies and standards for information security. In addition, the CISO identifies, evaluates and reports information security risks to the chief information officer.

As part of this year’s Cyber Security Awareness Month (CSAM) campaign, Isaac is hosting a one-hour session for staff and faculty:

  • Oct. 7 at 2 p.m. (staff/faculty session) — Event ended.
  • Oct. 27 at 11 a.m. (student session) — Register here.

Attendees will join Isaac Straley for an engaging conversation — discussing his role as CISO, data privacy and security and how it relates to our higher education environment. Come prepared with topics or questions that interest you, as these sessions are open conversations between Isaac and the attendees.

As spots are very limited, those who have had the opportunity to engage with Isaac in the past are encouraged to leave a spot for those who haven’t.

October is Cyber Security Awareness Month: get involved

Every October, Cyber Security Awareness Month (CSAM) is recognized by individuals and organizations across the globe. The University of Toronto (U of T) is no exception; Information Technology Services (ITS) hosts an annual tri-campus community CSAM campaign to raise awareness and educate staff, faculty and students about how to protect themselves and their work environments against malicious cyber threats.

With remote working, learning and teaching having become the “new normal” for 2020, this year’s CSAM campaign at U of T will be themed: “Remote Security Matters” and will focus on the programs available to help the U of T community practice online safety.

“Security always matters, but being mobile amplifies the need for innovative security practices to be put into place and communicated,” explains Isaac Straley, U of T’s Chief Information Security Officer (CISO). “This remote lifestyle requires a different approach to how we practice cyber security and is an ongoing effort that we are tackling head-on.”

The campaign will revolve around the programs and services that U of T’s Information Security team have put in place to protect our at-home and on-campus community. In addition to remote security, each week of CSAM 2020 will focus on one of these programs, including Multi-Factor Authentication (MFA), Information Risk Self-Assessment (IRSA), and a new framework for baseline security controls.

“Working and learning both look a little different this year, and we take the responsibility of addressing and educating the community about online safety very seriously,” says Luke Barber, Director of Information & Instructional Technology Services for U of T Mississauga. “We are excited to share the resources and education coming out of the Mississauga campus and through our tri-campus efforts.”

For 2020, CSAM activities at U of T will include virtual activities and events. Highlights of the campaign include:

These activities and events, in conjunction with the various resources that will be released each week, will give the U of T community an opportunity to connect with the ITS team and learn about best practices for remote cyber security.

Visit these pages throughout October for more information and to stay updated on CSAM news and activities:

CSAM is a tri-campus initiative so be sure to visit your local campus IT department website and social media for additional resources specific to your location.