Security Matters

Holiday shopping season is around the corner! With great discounts and offers, also comes the risk of online fraud and scams. Here are four simple yet effective tips to have a safe online shopping experience: Before making any online payments, ensure a secure connection by verifying that the website’s URL begins with “https://” and has ...

As part of Cyber Security Awareness Month 2023, University of Toronto launched a month-long campaign to spread security awareness and bring the tri-campus community together to discuss security matters. The theme of this year’s campaign revolved around the newly released Information Security strategy, with both virtual and in-person events focusing on the four information security ...

A new category of phishing, which uses malicious QR codes to steal user credentials, is becoming more common and the U of T community is encouraged to keep an eye out for attempts in their inboxes. QR code phishing, or quishing, has elicited reports from staff, faculty and students who have received emails and messages with embedded QR codes that lead to malicious sites.

Multi-factor authentication is an effective way to protect your accounts, but scammers are trying to bypass MFA protection by using MFA spamming techniques. MFA spamming happens when a scammer has acquired your account credentials and attempts to log in to your account by initiating multiple MFA notifications until you approve one of them. Scammers often ...

On Sept. 19, staff members from various tri-campus units came together to acknowledge the work they are doing to advance information security awareness at the University of Toronto. These members have been championing security awareness by onboarding their units onto the Security Awareness and Training (SAT) institutional platform. The gathering was an opportunity to recognize ...

The Ontario Cyber Security Centre of Excellence recently published an article about the artificial intelligence (AI) chatbot ChatGPT, capable of human-like conversations and performing tasks such as generating content ideas and simplifying complex topics. However, there are significant cyber security risks associated with ChatGPT. These include the potential for malicious code generation, crafting convincing phishing ...

In June 2023, the University launched the Security Awareness Training (SAT) Foundations project as part of the broader Security Awareness and Training Program (SATP). Co-led by Raphaelle Gauriau, Manager, Information Security Strategic Execution, ITS and John Stewart, Information Security Program Manager, I&ITS, U of T Scarborough, the project aims to provide U of T staff, ...

The Office of the Chief Information Security Officer has officially released the University of Toronto’s Information Security Strategy. “The strategy was developed through a community-driven approach, involving extensive consultation with academic and administrative units and incorporates the voices of several community members. I thank everyone who contributed to this effort,” said Kalyani Khati, Associate Director, ...

Scammers use social engineering tactics to gain access to organizational systems and cause data breaches. One tactic that has increased recently is MFA fatigue, which overwhelms users with continuous MFA notifications (such as the UTORMFA Duo Mobile prompts) until they approve the login request to stop the surge of notifications being sent to their devices. ...

The Office of the CISO put together guidelines and quick tips to reduce the risk for our U of T community on both personal and University-owned devices.