Received a suspicious message?

Report a phish

U of T experts discuss cyber security with staff and students

October 31, 2018

Cyber security awareness matters every day -that was the theme of the panel discussion hosted by Information Technology Services (ITS) on Oct. 10 at the Bahen Centre.

An audience of 39 (26 in-person and 13 online) engaged with an expert panel about a range of cyber security-related topics.

The expert panel included Sue McGlashan (information security architect, Information Security and Enterprise Architecture (ISEA)), Alex Tichine (associate director, information security and enterprise systems, Faculty of Engineering and Applied Science)and Carl Chan (senior systems and network analyst, Education Commons, Ontario Institute for Studies in Education). The discussion was moderated by ISEA’s director Mike Wiseman.

Beyond discussing password management best practices and phishing strategies, the group grappled with inconsistencies in information security policies and practices of the organizations they encounter in their everyday lives. One audience member questioned whether his personal information was safe when submitting job applications online and another pointed out that even Canada Revenue Agency (CRA) is inconsistent in its methods of communication (phone calls vs. emails), which can be confusing for wary tax payers.

The panel advised confirming the validity of all communications at the source. For example, if applying for a job, contact the HR department of the organization to confirm the application process. For tax inquires, they recommended calling the official CRA phone number to confirm the legitimacy of any suspicious messages.

View the entire panel discussion here.

Though Cyber Security Awareness Month has come to an end, we hope that the U of T community will continue to incorporate cyber security awareness into their everyday lives. To learn more, visit the Security Matters website.

Google Plus shuts down following data breach

October 24, 2018

On Oct. 8th, 2018, Google Plus announced it is shutting down its social network for consumers, citing a security breach that may have affected up to 500,000 user accounts.

This closure comes on the heels of a Wall Street Journal report that Google failed to disclose the breach, which exposed users’ names, email addresses, occupations, gender, age and contacts, for months.

According to Google’s blog post, it did not disclose the security issue back in March 2018 when it was first discovered because there was no evidence that any developer was aware of this bug or abusing the application program interface (API).

Google Plus also indicated it would operate until August 2019 to allow its users the opportunity to download and migrate their data.

Earlier this month, there was a similar data breach disclosed by Facebook – read about it in the Security Matters blog.

October is Cyber Security Awareness Month, discover more best practices for staying safe online by visiting the Security Matters blog.

[Phish] Hi

October 22, 2018

Details:

  • From: [redacted] <rma@execstier.ca>
  • Subject: Hi

Text:

Are you available? I need you to personally run a task for me ASAP as I am caught up in meetings. Just reply my Emails and let me know if you can get this done right now as I cannot make or receive call right now due to the meeting.
Regards,

Professor [redacted].

[Phish] HELLO

October 22, 2018

Details:

  • From: [redacted] <[redacted]@my.com>
  • Subject: HELLO

Text:

[Redacted] Are you free at the moment?


Best Regards,

[redacted] sent from my IPhone

[Phish] Re: Hello

October 22, 2018

Details:

  • From: [redacted] <[redacted]1utoronto@yahoo.com>
  • Subject: Re: Hello

Text

Hello [redacted] I’m in a meeting right now and that’s why i’m contacting you through here. I should have call you, but phone is not allowed to be use during the meeting.I don’t know when the meeting will be rounding up, And i want you to help me out on something very important right away.

Regards,
[redacted] [redacted] [redacted] [redacted] Toronto, ON, M5S 3G6
Hours: M-F 8:45am – 5:00pm
P: [redacted]

Cyber-criminal scams often target youth and seniors

October 18, 2018

This October, during Cyber Security Awareness Month, we encourage you to protect your personal and the University of Toronto’s sensitive data. However, we also want to remind you to take cyber security knowledge home and share it with your family members -some of whom may be especially vulnerable to cyber-attacks. Often those most exposed to these types of scams are youth and seniors.

As tweens and teens join the digital world they need to learn about how the content they put on social media can be used for nefarious purposes. For example, young people should be reminded to never reveal their home or school address online. A handy motto to teach young children, including siblings, is: share with care.

Seniors are also often targeted by scammers. Recently, the Toronto Star reported on the grandma scam, which entails someone calling a senior claiming to be their grandchild and asking for money. Cyber criminals will use fear and urgency to pressure seniors into complying with scams. Teach your loved ones to think twice before responding to an unexpected request. For example, advise them to contact a trusted family member or neighbour to confirm the validity of unusual request(s).

This month help protect the vulnerable people in your life through education and awareness. To download resources and learn more about cyber security visit: securitymatters.utoronto.ca.

Information security pop-up booth engages students at UTSU street festival

October 17, 2018

On September 12, under sunny skies, another University of Toronto Students Union (UTSU) street festival took place along St. George Street. In the midst of the excitement, we had the pleasure of hosting our security matters booth, a collaboration between Information Technology Services’ (ITS) education and awareness team and information security and enterprise architecture (ISEA).

More than 200 students stopped by our booth to chat about information security and collect educational and security-themed swag – our webcam cover was particularly popular! Web cam covers can protect users from being watched by unwanted viewers through their device’s camera. About 155 of our visitors participated in the “Catch the Phish” challenge: find 10 signs of a phish in 30 seconds. We also sent 48 lucky winners home with specially branded power banks.

This October, students, staff and faculty members can participate in more information security-themed events during Cyber Security Awareness Month. Visit our website and social media channels to stay up-to-date on upcoming activities.

Security Matters

U of T’s information security awareness & education initiative

Twitter: @UofTCyberAware
Facebook: @UofTCyberAware
Instagram: @UofTCyberAware

Survey: share your cyber security experiences

October 17, 2018

This year alone, the cost of cyber crime is estimated at $1.5 trillion, while the revenue for cyber criminals reaches $4.5 trillion[1].

We want to hear from University of Toronto (U of T) staff and students about your experiences and knowledge related to information and cyber security.

Please take a couple minutes to fill out our surveys below. Submissions will be open until October 31st.

Student survey

Staff survey

This data will help identify recent and relevant cyber security incidents faced by the U of T community and help inform future activities to reduce the events of potential cyber crime and keep students and staff safe.

Visit Security Matters blog for resources, tips and news related to how to incorporate information safety into your daily practices.

 

 

 

 

 

 

 

[1] Nunnikhoven, Mark. “Are We Setup to Fail.” SecTor – IT Security Conference video, 3:00. October 3, 2018.

2018 Cyber Security Awareness Contest

October 11, 2018

Calling all aspiring artists and marketing mavens… It’s time to get creative with cyber security awareness!

To celebrate Cyber Security Awareness Month (October), the education and awareness team is hosting a contest from Oct. 11 to 31, on behalf of the entire Information Technology Services (ITS) division.

Prizes will be awarded to the top two winners. The winners’ work will also be showcased to the University of Toronto (U of T) community.

Contest Details

Produce a creative piece(s) that can be featured by the education and awareness and information security teams in outreach marketing efforts to help keep you, your peers and the University’s data secure.

Audience

Open to all U of T students, faculty and staff.

Categories

  • Poster
  • Bookmark design
  • Social media post/banner

Specs/Dimensions

Resolution

  • 300 dpi or vector format

Posters

  • Dimensions: 1920px x 1080px
  • Formats: PNG (300 DPI), JPG (300 DPI), SVG, EPS, PDF

Bookmarks

  • Dimensions: 3.5″x 8.5″
  • Formats: PNG (300 DPI), JPG (300 DPI), SVG, EPS, PDF

Social media

  • Facebook
    • Cover: 820px x 312px
    • Post: 940px x 788px
    • Formats: PNG, JPG
  • Twitter
    • Header: 1500px x 500px
    • Tweet: 1024px x 512px
    • Formats: PNG, JPG
  • Instagram
    • Post: 1080px x 1080px
    • Format: JPG

Prizes

1st Prize = $100 Amazon.ca gift card

2nd Prize = U of T Bookstore “goodie bundle” ($75 value)!
Includes:

  • Unisex U of T ball cap
  • Tritan sports bottle (240oz)
  • Assortment of U of T-branded stationery items

Plus… Winners will receive recognition on the Security Matters website and their work may be highlighted on select U of T’s ITS-related websites, social media channels, print materials and/or printed for display around campus.

Judges

  • Panel members from ITS.

Deadline

  • Oct. 31, 2018 (end of business day).

Rules/Regulations

  • Text must include the following information:
    • Security Matters Every Day
    • @UofTCyberAware
    • Securitymatters.utoronto.ca
  • Optional: Text content may also include information from our tip sheets and websites – ITS and Security Matters.
  • Entries must not have been previously published, either in print or online, been accepted for publication elsewhere.
  • Creator must allow U of T rights to modify submission(s). This includes placement of the official U of T logo on artwork.
  • Multiple entries are allowed.

Submit

Please use our online submission form to submit your work.

Contact

If you have additional questions, please email: its.eda@utoronto.ca.

Examples

Bookmark

Sample bookmarks

Poster

Sample posters

Social media banner

Sample banners for Facebook and Twitter

Cyber Security Awareness Month tip sheets

October 10, 2018

In today’s connected world, everyone can benefit from incorporating small cyber security practices into their daily lives. Keeping your work and personal information safe from cyber criminals accessing, changing and/or destroying it is everyone’s responsibility.

For example, did you know that the most common way to spread malicious software is through attachments? Stop, think before opening that unexpected file or picture – ask your friend or your classmates if it is real. Forward emails with suspicious links and attachments to: report.phishing@utoronto.ca.

For more tips on how to spot phishing emails, browse the web safely and how to keep your information secure while at work and during travel, check out our tips sheets.

The ITS education and awareness Security Matters blog also offers additional resources tailored to university staff, students and faculty members’ particular habits.

If you have any questions and/or feedback, please contact us at its.eda@utoronto.ca.