Phishing scams target job-seeking students

Since May 25, Information Security and Enterprise Architecture (ISEA) has received several reports of a phishing scam that targets University of Toronto (U of T) students by offering various summer work opportunities. The phishing emails approach students with a job vacancy and prompt the recipient to divulge personal information in order to be considered for the position. Examples of these job phishing emails can be viewed on the Security Matters PhishBowl here: https://securitymatters.utoronto.ca/phish-part-time-personal-assistant-needed/.

If you’ve received an unsolicited email about a job opportunity through your University email address, ISEA recommends that you take the following measures:

  1. Do not respond to any unsolicited emails. If you do reply and have received an email response from the sender, you should refrain from further action: many of these scams engage the victim in divulging personal information over the course of an email exchange.
  2. Report the email to: report.phishing@utoronto.ca.
  3. Contact your local IT help desk if you clicked on a link you think may be malicious.
  4. If you provided sufficient information that you think your identity is at risk, contact your bank and follow their recommended procedures.
  5. If you provided your login and password to any account, change the password immediately; If this was your UTORid and password, please change it at utorid.utoronto.ca.

Meanwhile, the U of T community is advised to remain on alert for phishing emails. Be aware of classic signs of a phishing attempt and ask yourself:

  • Is the email unexpected or odd?
  • Does the email come with a sense of urgency?
  • Does the email ask for secrecy?

Keep in mind that phishing emails are becoming increasingly sophisticated: many scams look like authentic communications and do not contain spelling mistakes or grammatical errors. For more tips on how to spot phishing emails and stay safe online, visit the Security Matters resource section.