U of T community: Watch out for payroll fraud phishing email

Phishing has become one of the most popular subsets of social engineering. It is likely that most people have received an email urging action on an unknown link or attachment to prevent being ‘locked out of your accounts’. According to the 2021 Data Breach Investigations Report (DBIR) by Verizon, 36 per cent of online breaches involved phishing, which is an 11 per cent increase from last year.

While some phishing emails might look suspicious due to poor grammar, spelling mistakes and other red flags, hackers have become more advanced, and their phishing attempts are more successful. Spear phishing is one of the most common and dangerous methods used to conduct fraud, usually on specific individuals or organizations. Often, the recipients are asked to open a malicious attachment or click on a link that takes them to a spoofed website where they are asked to provide passwords or other personal information.

Recently, members of the University of Toronto (U of T) community received a phishing email that contained a link leading to a spoofed version of the UTORid login page. Here are some of the red flags that were present in the email:

Phishing email sent to U of T community

  • Email spoofing: Email spoofing is the act of sending phishing emails from a forged email address. This is a technique used in most phishing emails to get the recipients to open and engage with the email. In this instance, the hacker is attempting to impersonate U of T administration by using an official U of T email domain. 
  • Generic greeting: Legitimate emails from a trusted organization or emails exchanged between colleagues will often include a direct greeting (your name). Hackers typically use generic greetings such as “Dear Member” or “Good morning” because they are sending mass emails and do not have access to your personal information (name). However, more advanced attacks may address you by name, which is why you should stay informed of all the different phishing red flags.  
  • Suspicious link and cloned web page: This phishing email contained a link to a .PDF extension — hovering over the link uncovered a suspicious URL unrelated to any known U of T websites. This link leads to a cloned version of the UTORid login page. A cloned webpage works by copying the front-end of a website to trick the email recipient into trusting the page and inputting their personal information. U of T staff, faculty and students will never be asked to provide their UTORid credentials via email. 
  • Poorly worded email: Often, you can spot a phishing email by the poor use of grammar and spelling. Right from the subject line, this email displayed both these flaws. Always read the email carefully and check for spelling and grammatical mistakes, as well as oddly worded sentences.
  • Demanding urgent action: A common tactic used by hackers is to create a sense of urgency. This tactic is widely successful because recipients feel too rushed to analyze the email in detail and are more likely to fall for the attack. In this instance, the sender asked the recipient to manually approve the schedule within “48hours” (note the grammatical error) of receiving the email.  

Learn more about identifying and reporting a phishing attempt 

Data classification: Using a risk-based approach for data protection

Most of us work with data on a day-to-day basis; the data we handle range from blog posts, course material and internal reports to personal information and health records. Not all data are created equal – while press releases and blogs are meant for public consumption, personal information and health records are extremely sensitive and need to be protected accordingly. Knowing the criticality of data and their risks helps us make informed decisions on how best to protect our data.

To appropriately protect data, we need to identify how sensitive the data are and the risk to the University and its people if the data are lost, stolen or exposed. This is where data classification helps – it allows users to classify data into separate categories. These categories indicate the value and sensitivity of the data and determine the level of protection needed for the data. This is akin to putting a “Fragile, handle with care!” label on a box of valuable crystal.

We want to provide the right level of protection to our data. While under-protecting data puts them at risk, overprotecting data wastes valuable resources that could be better utilized elsewhere. Just like we wouldn’t put a “Fragile, handle with care!” label on a box of pillows, it doesn’t make sense to apply the same level of protection to less sensitive data as that applied to highly sensitive data such as personal information.

To help protect University data, the University of Toronto (U of T) has released a data classification schema, endorsed by the Information Security Council. This data classification schema applies to everyone at U of T who produces, defines or uses University data, along with those who govern the access, use, storage and deletion of University data.

Hear more about the data classification schema from U of T staff

“Data classification is essential for effective data governance, privacy, risk management, security program development and operations. Protecting our data is a shared responsibility. We want to educate the community about U of T’s data classification schema and how it can be applied to make risk-based decisions about protecting data.” – Kalyani Khati, Associate Director, Information Security Strategic Initiatives.

“A long-term objective of the Institutional Data Governance Program is to create a culture in which everyone who collects, manages or uses institutional data follows good data governance principles and practices. The U of T data classification schema is an effective tool that helps us better understand our data so we can meet this objective.” – Jeffrey Waldman, Manager, Institutional Research and Data Governance.

Understanding U of T’s data classification schema


Level 1

This category is for data that the University has designated as being generally accessible to the public. Examples include:

  • Data from the U of T Directory
  • Press releases
  • News articles

Level 2

This is the default category. It includes data that the University has chosen not to make public but has also not been designated in another level. Examples include:

  • U of T Advanced Directory for faculty and staff
  • Most unpublished research
  • Most course materials

Level 3

This category is for non-public data that contains personal information (as defined by the Freedom of Information and Protection of Privacy Act [FIPPA] for which appropriate permission to disclose has not been received) and other data that the University has designated as being level 3. Examples include:

  • Student information and records
  • Employee records
  • Video surveillance security footage

Level 4

This category is for non-public data that is highly sensitive such that its disclosure poses substantially greater risk of harm to the University and to the data subject than level 3 data. Examples include:

  • Personal health records as defined by the Personal Health Information Protection Act (PHIPA)
  • Customer payment card information when the University is in a merchant capacity

Find out more about data classification at isea.utoronto.ca/policies-procedures/standards/data-classification/.

This article is part of a series for Cyber Security Awareness Month (CSAM). To learn more about how to stay safe online, visit the CSAM resources page.

[Phish] 21/22 Payroll Calender

Details:

Subject: 21/22 Payroll Calender

Text:

Dear Member
You new payroll schedule calendar for 2021/22 is now available for your approval.

Payroll-21/22.pdf

We require your manual approval within the next 48hours after receipt.
Best Regards,
The University of Toronto

Recent phishing attempt poses as U of T administration

Phishing continues to play a big role in the digital threat landscape. To further enhance the University of Toronto’s (U of T) cyber defences, we are highlighting a recent cyber attack that was successfully thwarted on Oct. 18. U of T community members received a phishing email where the hacker impersonated a U of T administrator role. Suspiciously, the email came from a fake U of T student email, ending in mail.utoronto.ca. The attack aimed at retrieving the user’s credentials through a link, which at first glance looks legitimate, but was obscured using a URL shortening feature.

Although the attempt could seem sophisticated, the hacker left a few telltale signs of a malicious email:

  • Email spoofing: This is a technique used in phishing attacks to trick users into thinking a message came from a known and trusted source. In these attacks, the sender forges email headers so that the email displays the fraudulent sender address. In this instance, the sender was pretending to be a U of T administrator; however, the email address used was a student email.
  • Sense of urgency: Evoking a sense of panic, urgency, or curiosity is a commonly used tactic to scare recipients into giving up confidential information. The email subject and body suggest that urgent action is required and that the recipient’s account will be locked if they don’t click on the link.
  • Requesting personal information: The copy asks the recipient to log in using the given link, which is another telltale sign used by hackers to steal credentials, leading to further damage such as identity theft, loss of other information and more.
  • Suspicious links: The URL in the copy contains terms such as ‘utoronto’ and ‘verified-account’ to make it seem legitimate; however, a suspicious bit.ly link is exposed when hovering over the written link. Hackers use URL shorteners, such as bit.ly, to bypass email filters and trick users into clicking on malicious links.
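The link red flags in both phishing write-ups above (a link label that hides an address unrelated to U of T, and a written utoronto.ca URL that really points to bit.ly) can be checked automatically by comparing each link's visible text with its real target. The following is an added example, not code from U of T; the trusted domain, the shortener list and the sample HTML (including its placeholder link targets) are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

TRUSTED_SUFFIX = "utoronto.ca"                  # assumption: the organization's own domain
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # assumption: small illustrative list

# Constructed sample body. Link targets are placeholders, not values from the real emails.
SAMPLE_HTML = """
<p>Please log on here now
<a href="https://bit.ly/PLACEHOLDER">https://idpz.utorauth.utoronto.ca/-verified-account//..</a></p>
<p><a href="https://files.example.net/view?id=1">Payroll-21/22.pdf</a></p>
<p><a href="https://www.utoronto.ca/">U of T home page</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:          # only keep text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased hostname of a URL, or '' when it has none or cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""

def in_domain(host, suffix):
    """True only for the domain itself or a real subdomain (not 'utoronto.ca.example.net')."""
    return host == suffix or host.endswith("." + suffix)

def link_flags(html):
    """Return one record per link with the red flags that apply to it."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    report = []
    for href, text in parser.links:
        target, flags = host_of(href), []
        if target in SHORTENERS:
            flags.append("shortener")            # real destination is hidden
        if not in_domain(target, TRUSTED_SUFFIX):
            flags.append("off-domain")           # what hovering over the link reveals
        shown = re.search(r"https?://\S+", text)
        if shown and host_of(shown.group(0)) != target:
            flags.append("text-href-mismatch")   # written URL differs from the target
        report.append({"text": text, "target": target, "flags": flags})
    return report

if __name__ == "__main__":
    for record in link_flags(SAMPLE_HTML):
        print(record["target"], record["flags"], "<-", record["text"])
```
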

How to spot phishing email

Phishing attacks can take many forms, but they all share a common goal – getting you to share sensitive information such as login credentials, credit card information or bank account details.

Here are some steps you can follow if you receive a suspicious email:

  • Report phishing messages either by using the “report message” function in your Office 365/UTMail+ inbox or by reporting them to report.phishing@utoronto.ca.
  • When in doubt, call or ask the sender in person to confirm that the email was really from them.
  • If you opened an attachment that was provided in a phishing email, contact your local IT service desk immediately.
  • If you suspect your password may have been compromised due to an attack, ensure you immediately change it.

Visit here for more information on identifying and reporting a phishing attempt.

University of Toronto’s new Information Security Standard

The Information Security program at the University of Toronto (U of T) is continually working with the community to better protect the University and its people against security risks. Most recently, the University’s Information Security Council has endorsed the Information Security Standard (the Standard) to provide a set of baseline security measures to protect our data and information systems based on the associated data classification. The standard is customized to U of T’s specific environment.

“The Information Security Standard consists of the measures we take to protect our systems and data based on risk,” said Deyves Fonseca, Associate Director, Information Security Operations. “Keeping U of T’s data and computing environment safe and secure is a team effort. Therefore, it is critical that everyone at U of T understands the Information Security Standard and applies it to protect our data and information systems,” he added.

Applying the Information Security Standard

Protecting our data and information systems is a shared responsibility — every person in the U of T community plays a role in applying the Information Security Standard guidelines.

Here is how you can use the standard based on your role:

  • Data users: Learn how to securely handle the data you work with.
  • Decision makers: Make strategic decisions about protecting data and systems within divisions and administrative or academic organizational units.
  • Teams managing information systems: Implement security safeguards, configure systems and build processes to reduce risk.

Help secure U of T’s data and information systems

For more information, visit the ISEA website.

[Phish] IMPORTANT: Action Required!

Details:

From: John Doe<John.Doe@mail.utoronto.ca>

Subject: IMPORTANT: Action Required!

Text:

Your account has been held for your protection.

Please log on here now https://idpz.utorauth.utoronto.ca/-verified-account//.. and follow the instructions.
If you fail to do this, Your account will be permanently blocked.

Thank You

© University of Toronto

Please do not reply to this message. Mail sent to this address cannot be answered. 

Enable multi-factor authentication to stay secure

Enabling multi-factor authentication (MFA) is a simple step you can take to protect yourself from information security threats like ransomware and password theft. MFA works by adding an additional layer of security on top of your password, such as authentication through a mobile device or hardware token.

The University of Toronto (U of T) offers its own MFA solution called UTORMFA. Here are a few steps you can take to protect yourself and your information.

Self-enrol in UTORMFA

UTORMFA enables you to work remotely with confidence. UTORMFA’s multi-factor authentication solution is provided by DUO, a mobile application. When you attempt to log in, a push notification is sent to your phone.

Duo Mobile is rolling out a redesigned version of its app that will improve the login experience. UTORMFA’s “remember me” feature has also been extended from one day to seven days to make it even more convenient to use.

Over 11,000 members of the U of T community use UTORMFA. If you don’t already use UTORMFA, self-enrol in minutes.

Protect your personal accounts

In addition to using UTORMFA, it’s important to protect your personal accounts like banking and social media. Many service providers offer the option to enable MFA for your account. Find out how to enable MFA on your personal accounts via the links below.

Enable MFA on your banking and financial accounts

Enable MFA on your social media accounts

Hear from U of T staff about the benefits of MFA

“MFA is one of the easiest and most effective ways to secure your accounts, whether they be work or personal. With the emergence of new and ever more sophisticated cyber threats, the peace of mind knowing that your important accounts and personal data are protected is invaluable. If you haven’t already started using MFA, there is no better time than today!” – Jeff Crabb, Computing Support Analyst, Information & Instructional Technology Services, U of T Scarborough

“In today’s era of rampant security breaches and password compromises, MFA has become a very effective and efficient tool to safeguard access to organizations’ sensitive assets. All of us have a role to play in this fight against cyber-attacks, and adopting MFA to augment passwords with other factors such as smartphone-based MFA applications goes a long way in ensuring that such attacks do not succeed.” – Akshat Mishra, Information Security Program Manager, Information & Instructional Technology Services, U of T Mississauga

Sign up for Cyber Security Awareness Month events!

October is Cyber Security Awareness Month, an internationally recognized campaign held annually to spread awareness about the importance of information security and encourage Canadians to use best practices. 2021 marks the 10-year anniversary of the campaign, and the Information Technology Services’ (ITS) Information Security team is hosting a variety of virtual events to show you how to keep your information secure.


Coffee with the CISO: Let's talk information security

Thursday, Oct. 14, 2021, 11 a.m. – 12 p.m. (Microsoft Teams)

Do you have questions about the information security sector? Are you thinking about a career in information security? Are you interested in how the University of Toronto (U of T) is navigating the evolution of ever-changing technology?

Grab a coffee and join us virtually for an informal and open conversation, hosted by Isaac Straley, Chief Information Security Officer (CISO), U of T.

This session will feature a brief presentation from Isaac, followed by a 40-minute interactive Q&A. Bring your questions and come ready to chat with the CISO!

Please note: This event is open to U of T students only, with a capacity limited to 30 attendees. RSVP by Wednesday, Oct. 13.

Registered attendees will be entered for a chance to win a Starbucks e-gift card!

Register


Coffee with the CISO: Information security over the past decade

Friday, Oct. 22, 2021, 11 a.m. – 12 p.m. (Microsoft Teams)

Coffee with the CISO: Then and now – information security over the past decade

How has the information security sector grown over the last decade? What initiatives has U of T implemented to adapt to these changes? How is information security an enabler, and what are the best ways to navigate the landscape of secure computing?

Join us at this virtual event, hosted by Isaac Straley, CISO, U of T, for an open conversation about the challenges and accomplishments of the information security sector. Grab a coffee and engage in a brief presentation followed by a 40-minute interactive Q&A session with the CISO.

Please note: This event is open to U of T staff and faculty only, with a capacity limited to 30 attendees. RSVP by Thursday, Oct. 21.

Registered attendees will be entered for a chance to win a Starbucks e-gift card!

Register


Secure Together virtual panel event

Tuesday, Oct. 26, 2021, 11 a.m. – 12 p.m. (Microsoft Live)

Secure Together – An information security virtual panel event

Effective information security is an essential part of staying safe in our increasingly virtual world. In this one-hour virtual panel event, you will hear from experts in information security and workforce infrastructures, nation state threats and governmental policy.

Isaac Straley (Moderator)
Chief Information Security Officer
U of T

Abdullah Alagha (Panelist)
Cloud Security Consulting Lead, Accenture
Cyber Security Instructor, U of T

Ron Deibert (Panelist)
Director, the Citizen Lab, Professor, Political Science
Munk School of Global Affairs and Public Policy
U of T

Julia Le (Panelist)
Senior Manager, Cyber Security Education
& Centre of Excellence, Ontario Government

Q&A session to follow. All U of T students, staff and faculty are welcome. RSVP by Monday, Oct. 25.

Registered attendees will have a chance to win a $50 gift card to the U of T campus bookstore!

Register

All events are complimentary. We look forward to celebrating Cyber Security Awareness Month with you!

Cyber Security Awareness Month: Let’s get secure together

News about data breaches, phishing scams and other information security incidents has become all too common, especially with the increase of remote working and learning. That’s why effective information security is an essential part of staying safe in our increasingly virtual world.

Every year, as part of Cyber Security Awareness Month (CSAM), the University of Toronto (U of T) runs a month-long information security campaign to raise awareness about the simple steps we can take to stay safe online.

Security is a top priority for the University. There are many information security resources available to help protect students, faculty and staff – ranging from multi-factor authentication to helpful information for students and employees.

“Current times call for more rigorous information security practices,” says Isaac Straley, Chief Information Security Officer. “This not only involves the hard work of our Information Security team, but it is also the shared responsibility of our U of T community.”

This year’s campaign theme, Secure Together, will focus on how everyone at U of T can work together to protect themselves and keep U of T’s information, devices and community safe and secure.

“Our goal in this campaign is for everyone at U of T to learn something new that they can use to be safe as they work, learn and connect online,” says Kalyani Khati, Associate Director, Information Security Strategic Initiatives.

Check securitymatters.utoronto.ca regularly to keep informed on CSAM events, activities and resources.

Join us on social media

Follow us on Twitter, Facebook and Instagram for tips and simple steps everyone can take to be secure together.

Did you know?

This year marks the campaign’s 10th anniversary. Look out for campaign activities that will look back at how far we’ve come and how the world of information security has developed over the past decade.

Cyber Security Awareness Month events

U of T is hosting events for staff, faculty and students during Cyber Security Awareness Month. Sign up via the links below.

Oct. 14, 2021

Open to U of T students only. 

Register

Oct. 22, 2021

Open to U of T faculty and staff only. 

Register

Oct. 26, 2021

Open to U of T students, faculty and staff. 

Register

Visit our resources page to learn how to protect yourself and your information.

[Phish] Utoronto New FaxMessage Received on 29/06/2021

Details:

From: [Redacted]

Subject: Utoronto New FaxMessage Received on 29/06/2021

Attachment:

Utoronto.ca_Fax-Message.html

Banner:

EXTERNAL EMAIL: This sender has been verified from Utoronto.ca safe senders list.*

*This is not a University of Toronto-approved banner

Text:

New Fax Notification For [redacted].

DTMF/DID: +692 692-7810
Received: 29/06/2021 – 15:27:59 GMT
Resolution: Fine
Type: Attachment
Number of pages: 2
Reference #: -0AC1-YDUX40-RBO7-6538-838

This is a system notification from Utoronto fax server. To view received fax messages, please refer to attachment and authenticate with user credentials to enable instant access to all your fax messages on the go.