Description of the phish
This phishing email attempts to steal personal information, login credentials and Duo one-time passcodes by providing false information about the user’s UTORid/JOINid being filed for deactivation.
How to protect yourself
- If you receive a Duo, UTORMFA or any other MFA notification that you did not initiate, do not approve the request.
- Do not respond to emails that ask for your MFA one-time passcodes and report them to firstname.lastname@example.org.
What to do if you engaged
If you engaged with the sender, please reach out to email@example.com immediately.
Subject: UofT: Duo Security Appointment Form
Your UTORid / JOINid account has been filed under the list of accounts set for deactivation due to retirement/graduation/or transfer of the concerned account holder.
But the record shows you are still active in service and so advised to verify this request otherwise give us reason to deactivate your university account.
Please send the requested information below to this phone number *malicious phone number* via SMS ONLY, to verify your UTORid / JOINid immediately to avoid Deactivation and to book an appointment:
* Full Name:
* Campus Email:
* UTORid / JOINid:
* DUO Security Cell Phone Number:
* Duo 6 digit passcode on your Duo Mobile (Kindly check your Duo Mobile) :
* Date of Birth:
NOTE: Please check your Duo Mobile and fill in the 6-digit passcode above correctly.
Please note the one-time submission and entry only..