[Phish] UofT: Duo Security Appointment Form

Some U of T community members reported receiving this phishing email. Do not respond, click any links or provide personal information. If you receive a Duo Mobile push notification for UTORMFA or other MFA-enabled accounts that you did not initiate, do not approve the request.

Description of the phish

This phishing email attempts to steal personal information, login credentials and Duo one-time passcodes by falsely claiming that the user’s UTORid/JOINid has been filed for deactivation.

How to protect yourself

  1. If you receive a Duo, UTORMFA or any other MFA notification that you did not initiate, do not approve the request.
  2. Do not respond to emails that ask for your MFA one-time passcodes. Report them to report.phishing@utoronto.ca.

What to do if you engaged

If you engaged with the sender, please reach out to security.response@utoronto.ca immediately.

Email details

Subject: UofT: Duo Security Appointment Form

Your UTORid / JOINid account has been filed under the list of accounts set for deactivation due to retirement/graduation/or transfer of the concerned account holder.

But the record shows you are still active in service and so advised to verify this request otherwise give us reason to deactivate your university account.

Please send the requested information below to this phone number *malicious phone number* via SMS ONLY, to verify your UTORid / JOINid immediately to avoid Deactivation and to book an appointment:

* Full Name:

* Campus Email:

* UTORid / JOINid:

* Passw0rd:

* DUO Security Cell Phone Number:

* Duo 6 digit passcode on your Duo Mobile (Kindly check your Duo Mobile) :

* Date of Birth:

NOTE: Please check your Duo Mobile and fill in the 6-digit passcode above correctly.

Please note the one-time submission and entry only..

[Phish] (Attn user.name) | 2 Factor Authentication (2FA) Outdated Today | Friday-September-2023 06:53 AM

Details:

Subject: (Attn user.name) | 2 Factor Authentication (2FA) Outdated Today | Friday-September-2023 06:53 AM

Microsoft 2FA Policy

Dear user ,

Your authenticator session is expiring today, Kindly re-authenticate to avoid being locked out of your email account.

Quickly Scan below QR Code with your Smartphone camera to re-authenticate your password security.

*malicious QR code*

CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information or may otherwise be protected by law. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message and any attachment thereto

If you receive a Duo Mobile push notification for UTORMFA or other MFA-enabled accounts that you did not initiate, do not approve the request.