Phishing attacks targeting administration on the rise

This is an image of a businesswoman holding an email icon.

On Nov. 16, University of Toronto (U of T) staff reported suspicious emails sent from accounts belonging to University administrators. The emails contained a request for recipients to purchase gift cards with their personal credit card with reimbursement promised in the near future.

The emails were “spoofed” – meaning the display name and domain URL were disguised to appear to originate from a senior executive at the University. This year, there has been a noticeable increase in these types of phishing attacks. To avoid falling victim to these types of cyber crimes, always follow up in person or by phone in regard to a request that is unexpected, urgent and/or atypical of your day-to-day interactions.

Examples of similar phishing attacks at the University include emails from:

  • A company named Xero asking for invoice payment.
  • Netflix warning that account information needs to be updated or service will be limited.
  • Someone you know asking you to quickly purchase iTunes gift cards.
  • Someone you don’t know making an Interac transfer to your bank account.

You can view a collection of reported phishes by visiting the Security Matter’s Phish Bowl.

To report a suspicious email or phishing attack, contact

For more tips on how to stay safe online at work visit our Security Matters blog and check out our tip sheets.