Student malware incident: next steps and action required

On Saturday Feb. 23, many students received a malicious email regarding a ‘refund payment’. The email contains an attachment which, if opened, causes a prompt for credentials and installs software. Please read further if you recognize this incident:

  • If you have received the email and not opened the attachment, delete the email.
  • If you have received the email, opened the attachment, and entered any login and password:
    • You must change your password immediately for whichever service you may have used. If you entered a UTORid and password, change it here: https://www.utorid.utoronto.ca/cgi-bin/utorid/changepw.pl.
    • Malware may have been installed on your device as a result of opening the attachment. The best way to ensure your device is not compromised is to re-install your operating system and restore data using a backup. If you do not follow this procedure, we recommend you scan your device using anti-virus software for the next few days. If your anti-virus software removes the malware, you should change all passwords that you used during the compromise interval. Please monitor: https://securitymatters.utoronto.ca for updates on anti-virus effectiveness.

The malicious email was removed from your mailbox using automated tools. No mailboxes were accessed, and no email was exposed via this automated process.