Facebook data breach aftermath: how to protect yourself

On Sept. 28, 2018, Facebook experienced the largest data breach in its history, allowing hackers access to approximately 50 million users’ accounts. The attackers exploited bugs in the “view as” feature, which gave them access to, and potential control of, the accounts.

In most cases of a data breach, it is difficult to tell whose credentials were compromised and what kind of personal information was leaked. With Facebook, the breach may have even affected third-party applications that use the Facebook Login; this is still unconfirmed.

Take precautions following a hack

In the event of a data breach, it is always recommended that you change your password and change your recovery questions. In cases like Facebook, your account name is usually your email address, so it’s recommended that you change the password and recovery questions of your Facebook account and also of your email account associated with it.

It is also important to remember that a breach in one social network may compromise another, and will if you use the same password and account name on both. For example, a data breach at Facebook could compromise your Instagram account too. If you re-use passwords, or cannot remember whether you do, change all your social media passwords and recovery questions. If you were affected, it’s wise to take this extra precaution.

October is Cyber Security Awareness Month. You can find more best practices for staying safe online by visiting Security Matters.

Be on alert – it’s Cyber Security Awareness Month

October 1, 2018


October is national Cyber Security Awareness Month and the Information Technology Services (ITS) division is spreading the word to the University of Toronto (U of T) community.

Students, staff and faculty are all invited to join in a number of activities that will help keep you, your data and the university secure.

Get involved through:

Be sure to continue visiting the Security Matters website throughout the month for updates on Cyber Security Awareness Month information and events.

Our digital world is expanding at rapid speed, and with this advancement comes increased concern about viruses, malware, phishing attempts and more. That’s why cyber security awareness must be built into our daily mindset and practices – not just right now, but year-round.

If you suspect a phishing attempt or malicious email, contact us at: report.phishing@utoronto.ca.

*Submit your questions for the Oct. 10 panel discussion to: its.eda@utoronto.ca.

Check out our social media at:
Twitter: @uoftcyberaware @ITSUofT @bjuul
Instagram: @uoftcyberaware @ITSUofT
Facebook: @uoftcyberaware @ITSUofT

Hashtags:
#CSAM
#Securitymatters
#Securitymatterseveryday
#CyberSecurity
#Nophish
#cyberaware
#infosec
#cybercrime
#UofTcyberaware
#Cybersecurityawareness

[Phish] Payroll schedule is available

Details:

  • From: UToronto <255500J@curtin.edu.au>
  • Subject: Payroll schedule is available

Text:

1 New Notification Regarding Your 2018 Payroll

https://www.utoronto.ca/payr0ll/2018/

Copyright © 2018 University of Toronto

[Phish] Swift response

Details:

  • From: [Redacted]<greysm211@gmail.com>
  • Subject: Swift Response

Text:

[Redacted],

How are you doing? There is something I need you to help me with, let me know if you are available so I can give you the details.

Regards
[Redacted]

Canada Revenue Agency impersonation scams are on the rise

Recent reports, including one from 680 News, indicate that the Canada Revenue Agency (CRA) received more than 10,000 complaints regarding fraud, and 688 people reported being defrauded of $2.7 million by people impersonating the CRA.

The attacks are very effective because they elicit panic and fear, give the victim very little time to perform tasks, and threaten penalties if the victims don’t comply. These attacks often occur through email; however, phone calls and text messages are also used to target potential victims. If you want to learn more about spotting phishing emails and how to protect yourself, you can view similar attacks that target our University on our Security Matters website.

The CRA will never threaten legal action, ask for gift cards, or use an aggressive tone with harsh disciplinary language. The CRA would also never request payment through money service businesses, iTunes gift cards, or bitcoin. If you think you or someone you know has been a victim of fraud, contact the Canadian Anti‐Fraud Centre at 1‐888‐495‐8501 or report it online at antifraudcentre.ca.

If you would like to learn more, visit the CRA fraud prevention website.

If your U of T email has received a phish, please report the email to report.phishing@utoronto.ca.

 

[Phish] Suspicious login noticed

Details:

  • From: Royal Bank Of Canada <no-reply@rbcroyalbank.com>
  • Subject: Suspicious Login Noticed.

Text:

We detected something suspicious about a recent login to your online account. For your security, we locked your account and stoped all pending transactions until we are able to verify your recent account activities.

To unlock your account,we request you LOGIN NOW and follow the instructions.

Faliure to verify your account within the next 24 hours, your account may be closed and your balance – plus all interest earned will be lost.

Sincerely,

Customer Service

Email ID: 327

Reporting phishing attempts is everyone’s responsibility

In a large organization like the University of Toronto (U of T), information security is everyone’s responsibility. Phishing is the fraudulent act of acquiring sensitive information (usernames, passwords, credit card information and more) through email, phone calls and text messaging. Everyone is responsible for recognizing and reporting these threats.

Phishing attempts should be reported quickly because a successful scam could lead to an organization-wide security breach. For example, if an employee of an organization enters their account credentials into a fake login portal, their account could then be used to phish other employees or even external contacts. Because the attacker can target not only the organization but also its external contacts, a security breach can spread rapidly.

Phishing attempts can sometimes be identified by out-of-place or awkward phrasing, typos and/or poor grammar. Many attempts will include unusual emotional triggers that emphasize urgency, fear or disciplinary action. The attacker wants sensitive information quickly, and won’t want to give you time to think or confirm.

Always keep in mind that some phishing attempts are very well crafted – remember that the desired result is to trick you into giving away information, such as your login credentials.

Below are some of the best practices many industries and organizations use to avoid security breaches.

  • Emails that contain hyperlinks should be checked to see if the blue text has an embedded URL that leads to a trusted destination.
  • For emails that come from external sources, never click on links, and always manually navigate to the website. Government organizations like the Canada Revenue Agency (CRA) will never ask for credentials or send you links.
  • Use different passwords for each of your accounts, especially for work-related accounts. If one account is compromised, you don’t want to compromise all of your accounts.
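The indicators described above (a sender that does not match the organization it claims to be, link text that hides a different embedded URL, and urgency language) can also be checked automatically. The following is an added example, not code from U of T or Security Matters; the brand-to-domain table, the urgency phrase list and the `login.example.invalid` link target are assumptions made for illustration.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: display-name keyword -> domain that legitimately sends for it.
BRAND_DOMAINS = {"utoronto": "utoronto.ca", "university of toronto": "utoronto.ca",
                 "royal bank": "rbcroyalbank.com"}
URGENCY = ("immediately", "urgent", "asap", "within the next 24 hours", "will be lost")
# Constructed sample: header and link text from the payroll phish on this page;
# the href is a made-up placeholder, since the page does not show the real target.
SAMPLE_FROM = "UToronto <255500J@curtin.edu.au>"
SAMPLE_HTML = ('<p>1 New Notification Regarding Your 2018 Payroll</p>'
               '<a href="http://login.example.invalid/p">https://www.utoronto.ca/payr0ll/2018/</a>')

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def phishing_indicators(from_header, html_body):
    """Return a list of human-readable findings for one message."""
    findings = []
    name, addr = parseaddr(from_header)
    sender = addr.rpartition("@")[2].lower()
    for brand, domain in BRAND_DOMAINS.items():
        claimed = brand in name.lower()
        if claimed and sender != domain and not sender.endswith("." + domain):
            findings.append(f"display name claims {brand!r} but sender domain is {sender}")
            break
    parser = LinkCollector()
    parser.feed(html_body)
    for text, href in parser.links:
        if "." not in text or " " in text:
            continue  # visible text is a label ("here"), not a URL
        shown = urlsplit(text if "//" in text else "//" + text).hostname
        actual = urlsplit(href).hostname
        if shown != actual:
            findings.append(f"link text shows {shown} but href goes to {actual}")
    return findings + [f"urgency phrase: {p!r}" for p in URGENCY if p in html_body.lower()]
```

A message with a forged From address, such as the Royal Bank sample on this page, passes the sender check and is caught only by its wording, so the checks complement each other and none is sufficient alone.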

You can report any suspicious emails to report.phishing@utoronto.ca.

To learn more, visit our security blog at securitymatters.utoronto.ca.

We have resources available for students, staff, faculty and IT professionals.

Here are some more tips on how to avoid identity theft and keep your accounts safe.

[Phish] Urgent server upgrade

Details:

  • From: University of Toronto Web Admin <help.desk@utoronto.ca>
  • Subject: Urgent Server Upgrade

Text:

Due to our recent server upgrade, all registered faculty/staff and students of webmail service are to update with their webmail account information immediately.

Some of these problems will be solved:

  • Problem when logging in via the Central Authentication Server (CAS).
  • Frequent login errors and delayed e-mail delivery.
  • To prevent Spam and Phishing.

You must provide your account identities below, to allow our open source webmail upgrade to the new UTORexchange and UTmail webmail client.

To update your profile, please send the following:

  • Full name:
  • UTORid / JOINid:
  • Full Email:
  • Password:
  • Confirm Password:
  • Department:
  • Mobile number:

If you do not specify your valid information, your account will be temporarily disabled from our server.

(Phone / Mobile number is used to contact you for your new password reset)

 

 

© University of Toronto | Publishing Information | Privacy policy

[Phish] Senior official spear-phish

Details:

  • From: [redacted]
  • Subject: [redacted]

Text:

Are you free right now? I’ll need you to run a task ASAP.

P.S: I’m busy at the moment and can’t talk but will lookout for your reply.

Thanks

I need you to get some gift cards, which are to be sent out in about 45mins. How soon can you arrange them so I can tell you what product and denomination would be needed?

Thanks

You can get it from a bookstore or any store around. I need Apple iTunes Gift Cards of $100 face value. I need 5 of the cards, that’s $100 X 5. $500.

NB: Get the physical cards and scratch out the back and send me pictures of the codes here.

Get back to me with the pictures of the cards showing the code.

[Phish] Parking ticket reminder 39345008

Details:

  • From: Parking Ticket <billing@christiancinque.com>
  • Subject: Parking Ticket Reminder 39345008

Text:

Parking violation notice

The City of Toronto records indicate that a parking tickets issued to the vehicle described below has not been paid. this fines and applicable penalty charges area past due and must be paid within the next 14 calendar days. Driving Records show that you are/were the registered proprietor at the time this vehicle was cited. Consequently you are legally responsible for responding to this notification.

Ticket Number Violation Type Reduced Amount   Total Amount
39345008 No Stopping Zone $22.00 $25.00
39345783 Wrong Colour Zone $22.00 $25.00
TOTAL: $50.00

View photos taken by the bylaw officer who issued your ticket here.

Canada Parking Global Service

© Copyright 2018 Canada Parking Global Service

Terms and Conditions | Contact Us

We have sent a request to your email address receptn@chem.utoronto.ca

If you have received this message by mistake or you have chosen not to subscribe, then disregard this message or unsubscribe.