[Phish] UofT: Duo Security Appointment Form

DUO notification phish email sent to U of T community
Some U of T community members reported receiving this phishing email. Do not respond, click any links or provide personal information. If you receive a Duo Mobile push notification for UTORMFA or other MFA-enabled accounts that you did not initiate, do not approve the request.

Description of the phish

This phishing email attempts to steal personal information, login credentials and Duo one-time passcodes by falsely claiming that the user’s UTORid/JOINid has been filed for deactivation.

How to protect yourself

  1. If you receive a Duo, UTORMFA or any other MFA notification that you did not initiate, do not approve the request.
  2. Do not respond to emails that ask for your MFA one-time passcodes; report them to report.phishing@utoronto.ca.

What to do if you engaged

If you engaged with the sender, please reach out to security.response@utoronto.ca immediately.

Email details

Subject: UofT: Duo Security Appointment Form

Your UTORid / JOINid account has been filed under the list of accounts set for deactivation due to retirement/graduation/or transfer of the concerned account holder.

But the record shows you are still active in service and so advised to verify this request otherwise give us reason to deactivate your university account.

Please send the requested information below to this phone number *malicious phone number* via SMS ONLY, to verify your UTORid / JOINid immediately to avoid Deactivation and to book an appointment:

* Full Name:

* Campus Email:

* UTORid / JOINid:

* Passw0rd:

* DUO Security Cell Phone Number:

* Duo 6 digit passcode on your Duo Mobile (Kindly check your Duo Mobile) :

* Date of Birth:

NOTE: Please check your Duo Mobile and fill in the 6-digit passcode above correctly.

Please note the one-time submission and entry only..
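
The indicators in the message above (a password field, a request for the Duo passcode, a reply-by-SMS instruction and a deactivation threat) can be combined into a mail-triage heuristic. This is an added example, not U of T tooling; the indicator names, thresholds and sample bodies are assumptions constructed for illustration.

```python
import re

# Look-alike characters used to dodge keyword filters ("Passw0rd").
LOOKALIKES = {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s"}

# Indicator groups taken from the message quoted in this advisory.
INDICATORS = {
    "password_request": re.compile(r"\bpass(word|phrase)\b"),
    "mfa_code_request": re.compile(
        r"\b(duo|mfa)\b.{0,60}\bpasscode\b|\bpasscode\b.{0,60}\b(duo|mfa)\b", re.S),
    "reply_by_sms": re.compile(r"\b(via|by) sms\b|\btext (us|this number)\b"),
    "deactivation_threat": re.compile(r"\bdeactivat\w*"),
}

def normalize(text):
    """Lowercase and undo look-alike characters that sit between letters."""
    text = text.lower()
    return re.sub(r"(?<=[a-z])[01345@$](?=[a-z])",
                  lambda m: LOOKALIKES[m.group()], text)

def triage(text):
    """Return (verdict, matched indicator names) for one message body."""
    body = normalize(text)
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(body))
    # No legitimate notice asks for a password and an MFA passcode together.
    asks_for_secrets = {"password_request", "mfa_code_request"} <= set(hits)
    if asks_for_secrets and len(hits) >= 3:
        verdict = "quarantine"
    elif len(hits) >= 2:
        verdict = "review"
    else:
        verdict = "pass"
    return verdict, hits

# Constructed samples: an excerpt of the quoted phish (number redacted)
# and a benign enrolment notice written for this example.
SAMPLE_PHISH = """Please send the requested information below to this phone
number <redacted> via SMS ONLY, to verify your UTORid / JOINid immediately
to avoid Deactivation and to book an appointment:
* Passw0rd:
* Duo 6 digit passcode on your Duo Mobile (Kindly check your Duo Mobile) :"""
SAMPLE_BENIGN = ("Your Duo enrolment is complete. "
                 "You will be asked for a passcode at sign-in.")

if __name__ == "__main__":
    for sample in (SAMPLE_PHISH, SAMPLE_BENIGN):
        print(triage(sample))
```
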