[Phish] Open position:customer support representative,apply now.

Details:

Subject: Open position:customer support representative, apply now.

Text:

A customer support representative position is available, with a decent weekly salary and the ability to work remotely.

*The job will only require 1-2 hours of your time every day, Monday through Friday or on weekends.

The ideal candidate will be dependable, timely, and trustworthy.

POSITION: customer support representative

SKILLS NEEDED
*Ability to work independently
*Basic computer knowledge

*To apply, text “Job application” to: *fake phone number inserted here* 

[Phish] [IMPORTANT]: University of Toronto recruiting department.

Details:

Subject: [IMPORTANT]: University of Toronto recruiting department.

Text:

Hello Selected candidate,

We received your resume application via the University recruiting department, offering a part time position for Freshman, Sophomore, Junior, Senior, Graduating Students, Staff or retired, this will only require 1-2hrs 3 days a week, no work experience or skill is required. You can make $700 bi-weekly ( every two weeks )without affecting your regular activities and academics

To Apply, kindly follow the link or email/text below

*Malicious link inserted here*

*Fake name inserted here*
Tel: *fake phone number inserted here*
*Fake email address hyperlinked with malicious link inserted here*

[Phish] Mail Update on 18 November, 2021

Details:

Subject: Mail Update on 18 November, 2021

Text:

This message is from a trusted sender.

*Fake Office 365 inserted here*

1 Voicemail Message Received

You have receive 1 VoiceMail from a caller in your contact.

Date received: 18 November, 2021

Duration: 00:01:14

Message can only be accessed by *fake email address inserted here* after verifying the ownership.

Scanned File is safe to open.

*Fake McAfee Secure logo inserted here*

*Fake U of T web address*

[Phish] Secure Notice on 11:47 AM, 16 Nov 2021

Details:

Subject: Secure Notice on 11:47 AM, 16 Nov 2021

Text:

*Fake Microsoft logo inserted here*

Hello *recipient’s email inserted here*

Your Utoronto password is set to expire in 6 day(s).

*Recipient’s email inserted here*

We encourage you to take the time now to maintain your password activity to avoid login interruption.

*Malicious link inserted here*

Note: Microsoft will not be held responsible for any account loss

Thank you,

Copyright Utoronto 2021. All Rights Reserved.

Surge of phishing attacks at the University of Toronto

Social engineering is designed to evade common security setups by targeting the people inside organizations — relying on human error as the weak link. While hackers’ approaches behind social engineering may differ in form, their goals are all very similar: identity theft, data breaches, ransomware attacks and more.

Phishing, one of the most popular forms of social engineering, is becoming more common with each day. It is very important to educate ourselves about cyber security to ensure our individual and institutional data remains protected. Equipping ourselves and the University of Toronto (U of T) with sophisticated and advanced tools is only half the battle. We can be proactive in preventing data breaches and other attacks by staying educated and aware, and therefore avoiding potential for human error.

Recently, there has been an influx of phishing emails containing malicious links targeted at U of T community members. These attacks have been impersonating U of T administrator roles and targeting unsuspecting community members.

Below are two recent emails that were sent to U of T community members. Review the red flags to help you understand the anatomy of a phishing email:

Phishing email spoofing UTORid website

Image 1: This recent phishing email contains a malicious link to a spoofed UTORid web page. The email was sent from an email address impersonating a U of T staff member.

Phishing email pretending to be U of T IT department

Image 2: This email prompts U of T community members to click on a link to ‘update their account’. 

At first glance, phishing emails often look like legitimate communications from a trusted organization. No matter how real it looks, treat every email you receive with caution — especially ones you weren’t expecting to receive. If you receive a suspicious email, review the common red flags to decide whether you need to report and remove it.

If you receive a suspicious email, ensure you report and delete the email immediately.

For information on how to report a phish, visit https://securitymatters.utoronto.ca/report/.

Visit the Phish Bowl and the Security Matters blog to read about recent phishing attacks within the U of T community.

[Phish] Covid-19 Support

Details:

Subject: Covid-19 Support

Text:

In response to the current hardship in the community due to the COVID-19 pandemic, The University of Toronto has decided to support both Faculty & Staff and Students to get through these hard times.

The University of Toronto will award CAD 2,920 COVID-19 support to all eligible Faculties, Staffs and Students, starting from today, Monday, 1 November 2021.

Visit the University of Toronto giveaway page and register with your information to be eligible for this giveaway.

Note: If you do not submit all the information requested, your application will not be processed.

Sincerely,

COVID-19 Support Team

University of Toronto
27 King’s College Cir, Toronto, ON M5S 1A1, Canada

Beware of ‘COVID-19 Support Team’ phishing email

The battle against phishing attacks is an ongoing, daily task. Though we are equipped with highly sophisticated and advanced tools for protection, hackers retaliate by evolving their techniques to evade these protections.

It is important to continually educate ourselves and maintain awareness about phishing attacks to ensure our individual and institutional data remains protected. Hackers use techniques such as spear phishing to persuade email recipients to click a link which can then distribute malware onto their devices or grant hackers access to their data. Some phishing attacks are used as means to steal credentials, which can cause further damage to both the recipient and the University of Toronto (U of T) on a higher level.

Since the beginning of the COVID-19 pandemic, Statistics Canada has determined that just over four in ten Canadians have received a phishing attack. Hackers have been taking advantage of people’s vulnerable state in these unprecedented times by sending fraudulent emails that attempt to trick recipients into revealing personal information or clicking on malicious links or attachments.

On Nov. 1, 40,000 U of T community members received an email from the University’s ‘COVID-19 Support Team’ (which does not actually exist). This email encouraged recipients to fill out a form on the ‘University of Toronto giveaway page’ to become eligible for a one-time cash reward.

If you received this email, please report and delete it immediately.

Take a look at some of the red flags to help you identify a phishing email:

How to spot phishing email

  • No greeting: Phishing emails are usually sent en masse, and therefore rarely include a personalized greeting. Instead, it’s common to see a vague greeting such as “Dear Member”, “Hello” or no greeting at all.
  • Poorly written email: One of the more common signs of a phishing email is spelling mistakes and poor grammar. Another sign is formatting inconsistencies throughout the email. Notice how the font size, type and colour change in this example.
  • Suspicious link: Phishing emails almost always contain a link that either takes users to a cloned website or downloads malicious software. These links are often crafted to appear genuine by using a URL that looks like a legitimate one. One of the ways to verify a URL’s legitimacy without clicking on it is by hovering your cursor over the link and verifying the address revealed in the popup box. In this email, hovering over the link revealed a link that is not associated with U of T.
  • Threat and a sense of urgency: Emails that threaten negative consequences should always be treated with caution. This is a tactic used by hackers to encourage or even demand immediate action, which flusters the recipient into acting without being given time to think about it. Note how the hacker threatened the recipient into providing their personal information in order for their application to be processed.
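
The hover check described under “Suspicious link” can be automated for an HTML message body: compare the address a link displays with the host it actually points to, and check that host against the domains you trust. This is an added example, not U of T tooling; the trusted-domain list, the sample body and the example.net / example.org hosts are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
TRUSTED_SUFFIXES = ("utoronto.ca",)  # assumption: domains treated as U of T's own
# Constructed sample body; example.net and example.org stand in for attacker hosts.
SAMPLE_HTML = """
<a href="http://login.example.net/utoronto.ca/renew">https://www.utoronto.ca/password</a>
<a href="https://forms.example.org/apply">recruiting@utoronto.ca</a>
<a href="https://securitymatters.utoronto.ca/report/">Report a phish</a>
"""

class LinkCollector(HTMLParser):  # gathers (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Lower-cased hostname of an http(s) URL, or None for anything else."""
    try:
        parts = urlsplit(value.strip())
    except ValueError:  # malformed URL
        return None
    ok = parts.scheme in ("http", "https") and parts.hostname
    return parts.hostname.lower().rstrip(".") if ok else None

def is_trusted(host):
    # Compare whole labels so utoronto.ca.example.net does not pass.
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def review_links(html):
    """Return (href, reason) for each link a reader should not follow blindly."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        target, shown = host_of(href), host_of(text)
        if target and shown and shown != target:
            findings.append((href, f"text shows {shown} but link goes to {target}"))
        elif target and not is_trusted(target):
            findings.append((href, f"{target} is not a U of T domain"))
    return findings
```

The first sample link puts `utoronto.ca` in the path rather than the host, which is why the check parses the hostname instead of searching the URL for the trusted string.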

What to do if you receive this phishing email:

  • Do not act on any of the email prompts including clicking the link, providing personal information or opening the attachment.
  • Forward it to report.phishing@utoronto.ca and then delete it from your inbox.
  • If you already clicked on the link or attachment, please contact security.response@utoronto.ca immediately for assistance.
  • To help prevent future phishing attempts, we encourage community members to enrol in U of T’s multi-factor authentication (MFA) service, UTORMFA: isea.utoronto.ca/services/utormfa/self-enrollment/.

For more information about protecting yourself online, please visit: https://securitymatters.utoronto.ca/.

Employee perspectives: What you need to know about dealing with information security incidents

The University of Toronto’s (U of T) Information Security Incident Response Plan is available to help information technology (IT) managers, non-IT unit leaders and other employees handle security incidents effectively.

We interviewed three Information Security directors to ask what we need to know about the plan and how it can help you deal with security incidents. Responses come from Deyves Fonseca, Associate Director, Information Security Operations, Kalyani Khati, Associate Director, Information Security Strategic Initiatives and Alex Tichine, Director, Information Technology, Faculty of Applied Science & Engineering.

This interview has been edited for length and clarity.

Why was the Information Security Incident Response Plan created?

Deyves: The plan is meant to help guide the University in dealing with and responding to security incidents. It’s an index including guidance, approaches and procedures that employees can follow when they experience security incidents. The fact is that security incidents happen on an ongoing basis and there is no 100 per cent protection against them. In addition to protecting against security incidents, we need to have plans in place to ensure that employees know how to deal with security incidents in the best way possible.

Alex: The Incident Response Plan was created to provide a consistent approach to dealing with information security incidents, so that everyone who has a role to play in dealing with these incidents knows what they need to do and can act quickly. When a security incident happens, there are many questions that come up about how to determine the severity of the incident, who to contact, how to communicate about the incident, what resources are available, etc. The plan helps to bring all these components together.

What do you want employees to know about handling security incidents?

Kalyani: Preparation is key and that includes reviewing and testing the Incident Response Plan before an incident occurs. When an incident is underway, that is not the time to test the plan for the first time. Not knowing what to do next and who to contact can slow down response and worsen the situation. It is critical that teams involved in incident response have a clear understanding of their roles and responsibilities and have practised their response.

Deyves: I encourage employees to spend some time getting to know the plan so that they can respond to security incidents quickly and effectively. One of the key phases of the incident response process is called ‘preparation’, which will help employees understand how to respond to incidents quickly. Being prepared will help you to bring your unit back to business as quickly as possible in the event of an incident.

Alex: Don’t panic! Use the Security Incident Response Guide to work through the incident. To make sure you are prepared for when an incident happens, the most important thing is for divisions to review and test the plan on a regular basis. Divisions can then fine-tune the plan to suit the needs of their division.

Any tips on how employees can practice what to do in the event of a security incident?

Kalyani: One great way to practice your response is by conducting tabletop exercises. These exercises not only help teams validate their response plans, but also ensure that individuals understand their role in the event of an actual incident. When conducting tabletop exercises, select scenarios that are realistic and resonate with the participants. We have sample scenarios available for units to run their own tabletop exercises.

Deyves: Tabletop exercises can make handling live incidents easier. When you do a simulation, you see what works and what doesn’t work, what you understand and what you don’t, and what you might be missing so that you can effectively respond to incidents when the time comes.

Alex: As an example of a tabletop exercise, you might go through a scenario where you learn that your unit’s official social media accounts have been compromised, and someone is sending out notifications through your social media to students and alumni claiming that your unit has been compromised. You would then determine that multi-factor authentication (MFA) could be enabled on social media accounts to enhance security. This is how the tabletop exercise can help you identify immediate opportunities to enhance your level of security.

How can people protect themselves from security incidents?

Kalyani: Self-enrol in UTORMFA, U of T’s MFA solution, and use MFA on your personal accounts such as bank accounts or other critical accounts. Enable MFA wherever you can!

Deyves: The most common incidents we see include account compromise, device compromise and phishing events that can potentially lead to security incidents. MFA is the single most effective tool you can use to protect against account compromises and ransomware. Employees can also refer to the guidance we have on protecting from ransomware, particularly during remote work.

Alex: Patching is so important to help minimize incidents. Another tip is to be vigilant when it comes to phishing and social engineering attacks. Just when you think you’ve figured out what phishing looks like, there is something else around the corner that you may not have seen before.

Deyves: In terms of data protection and privacy, know what you’re consenting to when you provide your data. The more that you share your data, the more you expose yourself to compromises because companies who hold your data are subject to data breaches.

Do you have questions about how to handle security incidents? Contact security.response@utoronto.ca.

This article is part of a series for Cyber Security Awareness Month (CSAM). To learn more about how to stay safe online, visit the CSAM resources page.