Blog

Four tips for safe online shopping
December 4, 2023
Holiday shopping season is around the corner! With great discounts and offers, also comes the risk of online fraud and scams. Here are four simple yet effective tips to have a safe online shopping experience: Before making any online payments, ensure a secure connection by verifying that the website’s URL begins with “https://” and has ...

Cyber Security Awareness Month 2023 campaign highlights
November 29, 2023
As part of Cyber Security Awareness Month 2023, University of Toronto launched a month-long campaign to spread security awareness and bring the tri-campus community together to discuss security matters. The theme of this year’s campaign revolved around the newly released Information Security strategy, with both virtual and in-person events focusing on the four information security ...

Quishing attempts on the rise
October 18, 2023
A new category of phishing, which uses malicious QR codes to steal user credentials, is becoming more common and the U of T community is encouraged to keep an eye out for attempts in their inboxes. QR code phishing, or quishing, has elicited reports from staff, faculty and students who have received emails and messages with embedded QR codes that lead to malicious sites.

MFA spamming: Pause before you proceed
September 28, 2023
Multi-factor authentication is an effective way to protect your accounts, but scammers are trying to bypass MFA protection by using MFA spamming techniques. MFA spamming happens when a scammer has acquired your account credentials and attempts to log in to your account by initiating multiple MFA notifications until you approve one of them. Scammers often ...

11 units engaged in Security Awareness and Training Foundations Project Phase 1
September 26, 2023
On Sept. 19, staff members from various tri-campus units came together to acknowledge the work they are doing to advance information security awareness at the University of Toronto. These members have been championing security awareness by onboarding their units onto the Security Awareness and Training (SAT) institutional platform. The gathering was an opportunity to recognize ...

Navigating the world of ChatGPT: Cyber security risks and awareness
September 18, 2023
The Ontario Cyber Security Centre of Excellence recently published an article about the artificial intelligence (AI) chatbot ChatGPT, capable of human-like conversations and performing tasks such as generating content ideas and simplifying complex topics. However, there are significant cyber security risks associated with ChatGPT. These include the potential for malicious code generation, crafting convincing phishing ...

Strengthening security awareness: Inviting appointed staff to lead the way
August 14, 2023
In June 2023, the University launched the Security Awareness Training (SAT) Foundations project as part of the broader Security Awareness and Training Program (SATP). Co-led by Raphaelle Gauriau, Manager, Information Security Strategic Execution, ITS and John Stewart, Information Security Program Manager, I&ITS, U of T Scarborough, the project aims to provide U of T staff, ...

University of Toronto’s Information Security Strategy released
July 31, 2023
The Office of the Chief Information Security Officer has officially released the University of Toronto’s Information Security Strategy. “The strategy was developed through a community-driven approach, involving extensive consultation with academic and administrative units and incorporates the voices of several community members. I thank everyone who contributed to this effort,” said Kalyani Khati, Associate Director, ...

Beware of MFA fatigue
April 25, 2023
Scammers use social engineering tactics to gain access to organizational systems and cause data breaches. One tactic that has increased recently is MFA fatigue, which overwhelms users with continuous MFA notifications (such as the UTORMFA Duo Mobile prompts) until they approve the login request to stop the surge of notifications being sent to their devices. ...

Guidelines on privacy and security for mobile apps
March 14, 2023
The Office of the CISO put together guidelines and quick tips to reduce the risk for our U of T community on both personal and University-owned devices.