[Phish] University of Toronto – termination of your UToronto Email

Image of spoofed web page

Spoofed UTORid web page

Some U of T community members reported receiving this phishing email. Do not respond, click any links or provide personal information if you receive this email.

Description of the phish

This phishing email attempts to steal the user’s login credentials by providing false information about their UTORid being filed for deactivation. The email contains a link to a web page spoofed to look like a U of T web page. The URL mentioned in the email was also replicated to look like a UTORid related web page.

Such emails can cause panic to the recipients, prompting them to act on the instructions without thinking. Always pause to think and look out for red flags when you receive a suspicious email.

How to protect yourself

  1. If you receive requests for services such as UTORid or password reset that you did not initiate, do not engage.
  2. Report suspicious emails to report.phishing@utoronto.ca.

What to do if you engaged

If you engaged with the sender, please reach out to security.response@utoronto.ca immediately.

Email details

Subject: University of Toronto – termination of your UToronto Email

Dear UToronto Email User,

According to our records, you recently requested the cancellation of your UToronto Email account.

If you were unaware of this request, it is recommended that you verify your account.

To verify your account click link below: If you do not verify your account, your account will be terminated.

*malicious link*

Warm Regards,

*Incorrect email signature*

[Phish] Qishing message on LinkedIn

Description of the phish

This is qishing, a social engineering tactic where malicious actors use QR codes to steal information from unsuspecting recipients. This message was sent to U of T community members via LinkedIn.

How to protect yourself

If you receive an unsolicited QR code, do not scan the code as it could be a phishing attempt.

Email details

This link works for anyone in your organization.

Atatched is a brief presentation, please take a look and let me know if we could take on a joint development on this projects or any other means.

Scan the below QR code using your phone to get started.

*Malicious QR code*

Microsoft respects your privacy. To learn more, please read out Privacy Statement.

Microsoft Corporate, one Microsoft Way, Redmond, WA 98052

[Phish] UofT: Duo Security Appointment Form

Some U of T community members reported receiving this phishing email. Do not respond, click any links or provide personal information. If you receive a Duo Mobile push notification for UTORMFA or other MFA-enabled accounts that you did not initiate, do not approve the request.

Description of the phish

This phishing email attempts to steal personal information, login credentials and Duo one-time passcodes by providing false information about the user’s UTORid/JOINid being filed for deactivation.

How to protect yourself

  1. If you receive a Duo, UTORMFA or any other MFA notification that you did not initiate, do not approve the request.
  2. Do not respond to emails that ask for your MFA one-time passcodes and report them to report.phishing@utoronto.ca.

What to do if you engaged

If you engaged with the sender, please reach out to security.response@utoronto.ca immediately.

Email details

Subject: UofT: Duo Security Appointment Form

Your UTORid / JOINid account has been filed under the list of accounts set for deactivation due to retirement/graduation/or transfer of the concerned account holder.

But the record shows you are still active in service and so advised to verify this request otherwise give us reason to deactivate your university account.

Please send the requested information below to this phone number *malicious phone number* via SMS ONLY, to verify your UTORid / JOINid immediately to avoid Deactivation and to book an appointment:

* Full Name:

* Campus Email:

* UTORid / JOINid:

* Passw0rd:

* DUO Security Cell Phone Number:

* Duo 6 digit passcode on your Duo Mobile (Kindly check your Duo Mobile) :

* Date of Birth:

NOTE: Please check your Duo Mobile and fill in the 6-digit passcode above correctly.

Please note the one-time submission and entry only..

[Phish] (Attn user.name) | 2 Factor Authentication (2FA) Outdated Today | Friday-September-2023 06:53 AM

Details:

Subject: (Attn user.name) | 2 Factor Authentication (2FA) Outdated Today | Friday-September-2023 06:53 AM

Microsoft 2FA Policy

Dear user ,

Your authenticator session is expiring today, Kindly re-authenticate to avoid being locked out of your email account.

Quickly Scan below QR Code with your Smartphone camera to re-authenticate your password security.

*malicious QR code*

CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information or may otherwise be protected by law. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message and any attachment thereto

If you receive a Duo Mobile push notification for UTORMFA or other MFA-enabled accounts that you did not initiate, do not approve the request.

[Phish] CAMPUS RECRUITMENT AT THE UNIVERSITY OF TORONTO

Details:

Subject: CAMPUS RECRUITMENT AT THE UNIVERSITY OF TORONTO

Hello Selected candidate,

We received your resume application via the University recruiting department, offering a part time position for all students and staff, this will only require 1-2hrs 3 days a week, no work experience or skill is required. You can make $650 weekly without affecting your regular activities and academics

 

To Apply, kindly follow the link or email/text below

 

*Malicious link*

Administrator

*Malicious website link*

UofT Employee Self-Service

 

If you have received a suspicious email:

  • Please report it to report.phishing@utoronto.ca.
  • Delete the email immediately from your mailbox.
  • Don’t click any links, download attachments or engage with the sender.
  • Please do not forward or share the email with your colleagues and other contacts.

Learn more about what to do if you suspect a phishing attempt.

[Phish] UTSU Cyber Security: Duo Security Form Urgently Needed

Details:

Subject: UTSU Cyber Security: Duo Security Form Urgently Needed

Kindly fill and submit the student course registration form to book an appointment for the on-going Duo Security Update interview below, Once done and submitted, then i can have your appointment approved and booked. It’s imperative as a student at the University to book an appointment today for this exercise and fight against Phishing. This exercise is meant for the school database, course upgrade, Duo Security Update/Confirmation and Fight against Phishing. Failure to comply will result in blocking your UofT campus email address with immediate effect.

Register here *malicious link*

You will be contacted via SMS within the next 14 days or more, just to confirm you already enrolled for Duo Security and to make sure its enabled, so we will contact you via SMS( with your JoinID so you can know and confirm it’s from the school security dept) when logging into your Utoronto Mailbox Account to either push the Duo Security Button on your phone or send us the code that will be sent to your cell phone number registered with the Duo Security, in order to access your account and confirm everything is intact, is that understood?. This exercise will be done repeatedly.

This form enables us to perform the monthly database, course upgrade and security check. Please fill and submit the form with the correct information and we will be in touch.

NB: A push request/code will be sent to your device to confirm your login credentials, you will accept the push request on your device/send me the code once we contact you via text message.

If you receive a Duo Mobile push notification for UTORMFA or other MFA-enabled accounts that you did not initiate, do not approve the request.

Beware of MFA fatigue

Scammers use social engineering tactics to gain access to organizational systems and cause data breaches. One tactic that has increased recently is MFA fatigue, which overwhelms users with continuous MFA notifications (such as the UTORMFA Duo Mobile prompts) until they approve the login request to stop the surge of notifications being sent to their devices.

How to protect yourself from MFA fatigue

  1. If you receive a Duo Mobile push notification for UTORMFA or other MFA-enabled accounts that you did not initiate, do not approve the request.
  2. Immediately change your UTORid password and contact the IT Helpdesk for additional recommendations.

Additional resources for digital safety

[Phish] UTSC Duo Security Update: All Students Should Apply Now

Details:

Subject: UTSC Duo Security Update: All Students Should Apply Now

Kindly fill and submit the student course registration form to book an appointment for the on-going Duo Security Update interview below, Once done and submitted, then i can have your appointment approved and booked. It’s imperative as a student at the University to book an appointment today for this exercise and fight against Phishing. This exercise is meant for the school database, course upgrade, Duo Security Update/Confirmation and Fight against Phishing

Register here {Malicious link}

You will be contacted via SMS within the next 14 days or more, just to confirm you already enrolled for Duo Security and to make sure its enabled, so we will contact you via SMS( with your JoinID so you can know and confirm it’s from the school security dept) when logging into your Utoronto Mailbox Account to either push the Duo Security Button on your phone or send us the code that will be sent to your cell phone number registered with the Duo Security, in order to access your account and confirm everything is intact, is that understood?. This exercise will be done repeatedly.

This form enables us to perform the monthly database, course upgrade and security check. Please fill and submit the form with the correct information and we will be in touch.

NB: Do Not Reply Back to this email

 

If you have received a suspicious email, please report it to report.phishing@utoronto.ca and delete it immediately from your mailbox. Don’t click any links, download attachments or engage with the sender. Please do not forward or share the email with your colleagues and other contacts. Learn more about what to do if you suspect a phishing attempt.

[Phish] RE: Urgent Student Payment Reminder

Details:

Subject: RE: Urgent Student Payment Reminder

Dear student,

Our records show that you have not made your payment for the 2022-3023 Fall-Winter session.   Please make your payment by the end of this week to avoid a service charge

It is strongly recommended that you make regular payments to reduce the balance on your student account and thus reduce the amount of service charges incurred. Please Contect BUSry On EmailAddress: {redacted malicious email address} On ow to make your payment a financial hold will be placed on student accounts with unpaid balances for the 2022-2023 in 24hours.

 

Sincerely,

{Spoofed name}

University Registrar

University of Toronto

 

If you have received a suspicious email, please report it to report.phishing@utoronto.ca and delete it immediately from your mailbox. Don’t click any links, download attachments or engage with the sender. Please do not forward or share the email with your colleagues and other contacts. Learn more about what to do if you suspect a phishing attempt.

[Phish] University of Toronto Email Validation–ID-cdlhyuey63

Details:

Subject: University of Toronto Email Validation–ID-cdlhyuey63

Hello,

This email is to notify all students and staff that there is email validation exercises. We will need you to confirm that your email is still in use.

If you don’t want your e-mail account to be terminated during the exercise,

Send “Utoronto Email Validation” to {malicious phone number}

 

if you do not comply with the above, your email access will be disabled.

Please accept our apologies for any inconvenience this may cause.

 

Regards

System Administrator

the University of Toronto

Message ID-cdlhyuey63

 

If you have received a suspicious email, please report it to report.phishing@utoronto.ca and delete it immediately from your mailbox. Don’t click any links, download attachments or engage with the sender. Please do not forward or share the email with your colleagues and other contacts. Learn more about what to do if you suspect a phishing attempt.