Received a suspicious message?

Report a phish

Protect yourself from tax-related scams

March 14, 2023

Canadians lose millions of dollars in various scams and fraud every year, according to the Canadian Anti-Fraud Centre.

A tax-related scam is when a fraudster poses as an authority figure, usually as a CRA or Service Canada agent, to try to scare people into complying with their demands. These scams are designed to frighten people into engaging with the fraudster to make payments via money service businesses, pre‐paid cards, gift cards or Bitcoin.

Check out the infographic below to learn more about tax scams and how you can protect yourself and your loved ones.

Infographic with tips for protection from tax-related scams

Content of the infographic: Tax scam awareness tips

Use this guide to identify tax scams and learn how to protect yourself.

How do tax scams work?

  • A scammer contacts you claiming to be a government official and states that you have:
    1. A compromised Social Insurance Number (SIN) number
    2. Committed financial crimes
    3. Outstanding cases against you
  • The scammer threatens you that if you don’t speak with them immediately, you will be arrested, fined or even deported from Canada.
  • The scammer then requests personal information or payments through various financial services.

How can I protect myself from tax scams

  • If you received a suspicious email relating to the CRA or tax filing, follow the steps to identify a phishing email and report it immediately to report.phishing@utoronto.ca.
  • If you are concerned that you may have shared your personal information with a scammer, the CRA advises you to contact the police immediately.
  • Stay aware of tax-related communications by phone, mail, text message or email. Don’t give out personal information, including financial information or login credentials to unidentified personnel.
  • When in doubt, always log in to your CRA account through a trusted browser or call CRA’s Individual Income Tax Enquiries line at 1-800-959-8281.

Visit the CRA scam prevention website for more tips.

View the infographic in higher-resolution.

Visit the Security Matters website to learn more about how to protect yourself online.

Additional resources

 

Information Security and FIPPO informs U of T community how to protect student information

February 17, 2023

On Jan. 25, over 370 University of Toronto staff and faculty from across the tri-campus community gathered online for a virtual panel event to learn how to protect students’ information and reduce the risk of data compromise or loss. The event was hosted by Information Security and Freedom of Information and Protection of Privacy Office (FIPPO) as part of the Data Privacy Day campaign.

Isaac Straley, Chief Information Security Officer and Rafael Eskenazi, Director, FIPPO provided practical tips for protecting information and resources available at the University to support faculty and staff in meeting their responsibilities.

“Data Privacy Day acts as a reminder to educate ourselves more about who has access to our personal information and how it is being used. U of T has many resources available to inform and educate our community about protecting information and security. We hope this event provides an excellent opportunity to take stock of and evaluate both personal and institutional security and privacy,” said Isaac Straley, CISO.

The event began with a joint presentation by Isaac and Rafael and was followed by a lively Q and A session where attendees were provided with information and resources related to data classification, remote working, importance of reporting privacy breaches and more.

“Protecting any data or identifiable information is crucial for safety and for security reasons. I’m glad to be a part of this event to help our community understand what they need to do to prevent privacy problems, handle personal and confidential information safely, securely and legally,” said Rafael Eskenazi, Director, FIPPO.

Key takeaways from the event:

  1. If you work closely with personal information (students, staff or faculty), remember to only share it with individuals who need it for official University duties.
  2. The University uses a multi-level scheme to classify data according to their sensitivity. These classifications help you identify what kind of security and sharing is possible with each type of data. Learn more about data classification.
  3. Keep your computer and digital systems updated by following the University’s IT guidance and use only secure, approved University systems.
  4. Enrol in multi-factor authentication services such as UTORMFA and familiarize yourself with the remote work guidelines and FIPPO remote work guidance while working remotely.
  5. The University has a comprehensive tiered privacy breach protocol, which it will engage immediately in case of privacy breaches. If you become aware of or think that there might be a possible privacy issue, report it immediately to FIPPO, your manager or the Freedom of Information Law (FOIL) office.

Visit the  Security Matters website to learn more about protecting yourself online and your data.

Additional resources

  • For more information on how to protect your data, contact FIPPO.
  • For questions about information security, contact us at security@utoronto.ca.

[Phish] RE: Urgent Student Payment Reminder

January 26, 2023

Details:

Subject: RE: Urgent Student Payment Reminder

Dear student,

Our records show that you have not made your payment for the 2022-3023 Fall-Winter session.   Please make your payment by the end of this week to avoid a service charge

It is strongly recommended that you make regular payments to reduce the balance on your student account and thus reduce the amount of service charges incurred. Please Contect BUSry On EmailAddress: {redacted malicious email address} On ow to make your payment a financial hold will be placed on student accounts with unpaid balances for the 2022-2023 in 24hours.

 

Sincerely,

{Spoofed name}

University Registrar

University of Toronto

 

If you have received a suspicious email, please report it to report.phishing@utoronto.ca and delete it immediately from your mailbox. Don’t click any links, download attachments or engage with the sender. Please do not forward or share the email with your colleagues and other contacts. Learn more about what to do if you suspect a phishing attempt.

Students compete at Capture the Flag event

January 20, 2023

On Jan. 14 – 15, the University of Toronto’s Capture the Flag team, in collaboration with the Google Developer Student Clubs and Mathematical and Computational Sciences Society, held a hybrid Capture the Flag competition for U of T students across the tri-campus community.

A team at the front of the class during the Capture the Flag event
Students sitting in a classroom at the Capture the Flag event

The event welcomed a total of 57 teams, made up of 134 players. These participants competed in 23 unique challenges focused on honing their cyber security skills.

Congratulations to the winning teams, “CS Crushers” who went home with a $200 cash prize.

Winning team members: Ruizhen Liu, Milo Mighdoll, Justus Croskery, Jaiz Jeeson

This event was sponsored by Information Security at U of T, AON and CYCURA.

For more information on U of T Capture the Flag events, visit https://uoftctf.org/.

Information Security social media platforms undergo rebranding

January 13, 2023

The University of Toronto’s Information Security social media accounts are intended to inform and educate the community about U of T’s information security programs, resources, events and news. To keep up with ever-evolving programs and messaging, the @UofTCyberAware accounts have been rebranded to @UofTInfoSec.

The rebranding took effect on Jan. 23, 2023, and includes updates to all social media handles and profile pictures. The content posted from these accounts will remain consistent with current messaging.

Follow us to stay informed on Information Security at U of T:

Cyber Security Month 2022 recap: U of T community learns how to stay “Secure Together”

November 18, 2022

Cyber Security Month is an international campaign held every October to highlight the importance of information security and help Canadians understand how to stay safe online.

Cyber Security Month 2022 at the University of Toronto was hosted by the Information Security team, in partnership with Education, Awareness & Culture. This year’s campaign offered the community virtual and in-person events and educational resources on how to protect ourselves and the University against top information security threats.

“Cyber Security Month is celebrated every year at U of T to educate the tri-campus community about the importance of information safety. Continuing our efforts to create a security aware culture, the main objective of this year’s campaign was to remind everyone about the information security resources available to the community.” says Kalyani Khati, Associate Director, Information Security Strategic Initiatives. “We are happy that this was a successful campaign. This year was especially exciting as we were able to host both in-person and virtual events.”

The Cyber Security Month 2022 campaign page gained a total of 527 views over the month. The engagement (likes, re-tweets, clicks, follows etc.) for Cyber Security month content on CyberAware social media channels also saw an increase of 10 per cent on Twitter and 80 per cent increase on Instagram from last year. The increase in engagement helped us to reach and educate a broader audience about information security.

Cyber Security Month 2022 events

As a prelude to Cyber Security month, the Information Security team partnered with the Ministry of Public and Business Service Delivery to host a hybrid panel event called “Securing your Future: Bridging the Cyber Security Talent Gap”. Post-secondary students from across Ontario heard from experts about how to break into the industry, with or without technical education or experience. Read more about the event.

Cyber Security Month 2022 hybrid panel event collage

Along with the hybrid panel event, U of T hosted Coffee with the CISO events for staff, faculty and students. There was a 92 per cent increase in this year’s event attendance from 2021.

The Coffee with the CISO event for staff and faculty was held virtually and welcomed 54 attendees. Isaac Straley, CISO discussed the potential cyber security risks for U of T and the recommended approach to addressing them.

Virtual Coffee with the CISo group photo

The Coffee with the CISO events for students were held in-person at UTM and UTSC campuses which were attended by 28 students. The events provided a great opportunity for the students to learn more about information security, gain insights about careers in the industry and engage with various members of the information security team at U of T.

When asked about building experience in the field of information security, Isaac said, “Capture the flag exercises are a good way to gain practical experience to prepare for a career in information security. These exercises help to demonstrate your ability to practice security and react to ‘real world’ scenarios.”

Coffee with the CISO at UTSC mingling session

UTM Coffee with the CISO event

Attendees who provided feedback via the post-event survey indicated that they gained valuable insights about information security, careers in the industry, and how factors like experience and trust are key for this field.

Cyber Security Month 2022 was yet another successful campaign that provided U of T staff, faculty and students with many opportunities to learn how to stay safe online. Let’s remember to stay “Secure together” year-round.

Visit our 2022 campaign resources webpage for information that will help you to stay safe and secure online. Don’t forget to visit the Security Matters website regularly for more information security news.

[Phish] University of Toronto Email Validation–ID-cdlhyuey63

November 3, 2022

Details:

Subject: University of Toronto Email Validation–ID-cdlhyuey63

Hello,

This email is to notify all students and staff that there is email validation exercises. We will need you to confirm that your email is still in use.

If you don’t want your e-mail account to be terminated during the exercise,

Send “Utoronto Email Validation” to {malicious phone number}

 

if you do not comply with the above, your email access will be disabled.

Please accept our apologies for any inconvenience this may cause.

 

Regards

System Administrator

the University of Toronto

Message ID-cdlhyuey63

 

If you have received a suspicious email, please report it to report.phishing@utoronto.ca and delete it immediately from your mailbox. Don’t click any links, download attachments or engage with the sender. Please do not forward or share the email with your colleagues and other contacts. Learn more about what to do if you suspect a phishing attempt.

Phishing 101: Spot, report and prevent

September 29, 2022

Some people may wonder how much damage an email can cause, but did you know that around 90 per cent of cyber incidents occur as a result of a successful phishing attack?

With increased reports of cyber attacks around the world, it’s important to know what to do in the event of a phishing attack. Use this quick guide to learn how to protect yourself.

What is phishing?

Phishing is a form of social engineering used by cyber criminals to trick individuals into clicking a malicious link, downloading malware or sharing sensitive information. Generally, the messages are convincingly disguised as to appear legitimate.

Received a suspicious email? Pause to think before you act.

Ask yourself these questions if you receive a suspicious email before you engage with the email:

  1. Does this message make sense?
  2. Why am I receiving this email?
  3. Does the tone seem unnecessarily rushed or urgent?
  4. Am I being asked to download an attachment or click on an unknown link?
  5. Am I being asked for information that is personal or sensitive?

If your answers don’t clear your suspicions, then report the email immediately. Learn more about how to identify and report a phishing attempt.

What to do if you suspect an email to be a phishing attempt

  1. Do not interact with the sender. Do not click on links, download attachments, provide personal information or forward it to your contacts.
  2. If in doubt, call or ask the sender in-person to confirm if the email is really from them.
  3. Report the email to report.phishing@utoronto.ca and then delete it from your inbox.
  4. If you already engaged with the sender or clicked on a link or attachment, please contact security.response@utoronto.ca immediately for assistance.

How can you prevent future phishing attacks?

Hackers frequently steal login credentials to access email accounts. These compromised accounts are then used to send phishing emails to other unsuspecting individuals. Protect your online accounts to prevent this from happening:

  1. Use multi-factor authentication (MFA) for your online accounts. Enrol in UTORMFA, U of T’s multi-factor authentication solution, to add an extra layer of protection to your U of T online accounts.
  2. Create unique and strong passwords for your online accounts.

Keep an eye out for these common types of phishing:

  1. Email phishing: Fraudulent emails designed to manipulate individuals into revealing sensitive information or taking other harmful actions.
  2. Spear phishing: Fraudulent emails targeting a specific group or individual in an organization.
  3. Whaling: Fraudulent emails targeting senior executives at an organization.
  4. Smishing: Phishing messages sent via SMS.

Check out the Phish Bowl for examples of actual phishing emails received by members of the U of T community.

Visit the Security Matters website regularly to learn more about information security and online safety.

Cyber security professionals advise and encourage students to bridge the talent gap

September 29, 2022

On Sept. 28, 172 engaged post-secondary students from across Ontario gathered in-person at the University of Toronto’s Chesnut Conference Centre and virtually through Microsoft Teams to hear industry professionals discuss the future of the cyber security workforce.

U of T partnered with the Government of Ontario’s Cyber Security Centre of Excellence to host the Securing our future: Bridging the cyber security talent gap hybrid event. Speakers included professionals with backgrounds in data privacy, technical and non-technical cyber security and even a student leader from U of T. With a focus on how to start a career in cyber security, these speakers gave insights from their experiences getting started and excelling in the field.

One of the keynote speakers was U of T’s Chief Information Security Officer, Isaac Straley, who, alongside Jeff Musson, Founder, Coding for Veterans, spoke about transitioning into the technology industry and how the shift to digital society is impacting job trends in this space.

“It’s an interesting time in information security, and it was exciting to see so many engaged and enthusiastic students with an interest in the field,” says Straley. “I encourage students to keep tapping into that interest and curiosity as a starting point to breaking into the field. I am an advocate for the role of universities and colleges as a route to develop these mindsets.”

Isaac Straley speaking during a panel discussion.

The panel portion of the event produced lively discussions, as panelists answered questions about unique opportunities available to students and advice for starting a career fresh out of school.

“Getting involved with student associations is a really good idea because companies will often partner with them and offer free training,” explains panelist Aidan Mitchell- Boudreau, U of T student Information Security Council member. “This is an example of a great opportunity if you’re a student looking to explore the field of cyber security, but you don’t want to invest a lot into it financially at first.”

Panelist Aidan Mitchell- Boudreau speaking during the panel discussion.

The event also welcomed many VIPs including the minister and deputy minister of the Public and Business Service Delivery of Ontario, Kaleed Rasheed and Renu Kulendran respectively, and Patrice Barnes, Parliamentary Assistant to the Minister of Education. Their remarks showed appreciation for all that Ontario universities are doing to educate our communities about cyber security and encouraged students to pursue careers in Ontario’s cyber security field.

“The cyber threats we face are becoming more and more sophisticated but by being proactive, we can ensure the safety and privacy of the people and businesses of Ontario,” says Minister Rasheed. “To accomplish that, we must ensure we have the necessary talent to build up our safeguards, and that starts with students like you helping us bridge the talent gap.”

Minister Rasheed