On Nov. 16, University of Toronto (U of T) staff reported suspicious emails sent from accounts belonging to University administrators. The emails contained a request for recipients to purchase gift cards with their personal credit card with reimbursement promised in the near future.
The emails were “spoofed” – meaning the display name and domain URL were disguised to appear to originate from a senior executive at the University. This year, there has been a noticeable increase in these types of phishing attacks. To avoid falling victim to these types of cyber crimes, always follow up in person or by phone in regard to a request that is unexpected, urgent and/or atypical of your day-to-day interactions.
Examples of similar phishing attacks at the University include emails from:
- A company named Xero asking for invoice payment.
- Netflix warning that account information needs to be updated or service will be limited.
- Someone you know asking you to quickly purchase iTunes gift cards.
- Someone you don’t know making an Interac transfer to your bank account.
You can view a collection of reported phishes by visiting the Security Matter’s Phish Bowl.
To report a suspicious email or phishing attack, contact firstname.lastname@example.org.
For more tips on how to stay safe online at work visit our Security Matters blog and check out our tip sheets.