[Phish] Covid-19 Support

Details:

Subject: Covid-19 Support

Text:

In response to the current hardship in the community due to the COVID-19 pandemic, The University of Toronto has decided to support both Faculty & Staff and Students to get through these hard times.

The University of Toronto will award CAD 2,920 COVID-19 support to all eligible Faculties, Staffs and Students, starting from today, Monday, 1 November 2021.

Visit the University of Toronto giveaway page and register with your information to be eligible for this giveaway.

Note: If you do not submit all the information requested, your application will not be processed.

Sincerely,

COVID-19 Support Team

University of Toronto
27 King’s College Cir, Toronto, ON M5S 1A1, Canada

U of T community: Watch out for payroll fraud phishing email

Phishing has become one of the most popular subsets of social engineering. It is likely that most people have received an email urging action on an unknown link or attachment to prevent being ‘locked out of your accounts’. According to the 2021 Data Breach Investigations Report (DBIR) by Verizon, 36 per cent of online breaches involved phishing, which is an 11 per cent increase from last year.

While some phishing emails might look suspicious due to poor grammar, spelling mistakes and other red flags, hackers have become more advanced, and their phishing attempts are more successful. Spear phishing is one of the most common and dangerous methods used to conduct fraud, usually on specific individuals or organizations. Often, the recipients are asked to open a malicious attachment or click on a link that takes them to a spoofed website where they are asked to provide passwords or other personal information.

Recently, members of the University of Toronto (U of T) community received a phishing email that contained a link leading to a spoofed version of the UTORid login page. Here are some of the red flags that were present in the email:

Phishing email sent to U of T community

  • Email spoofing: Email spoofing is the act of sending phishing emails from a forged email address. This is a technique used in most phishing emails to get the recipients to open and engage with the email. In this instance, the hacker is attempting to impersonate U of T administration by using an official U of T email domain. 
  • Generic greeting: Legitimate emails from a trusted organization or emails exchanged between colleagues will often include a direct greeting (your name). Hackers typically use generic greetings such as “Dear Member” or “Good morning” because they are sending mass emails and do not have access to your personal information (name). However, more advanced attacks may address you by name, which is why you should stay informed of all the different phishing red flags.  
  • Suspicious link and cloned web page: This phishing email contained a link to a .PDF extension — hovering over the link uncovered a suspicious URL unrelated to any known U of T websites. This link leads to a cloned version of the UTORid login page. A cloned webpage works by copying the front-end of a website to trick the email recipient into trusting the page and inputting their personal information. U of T staff, faculty and students will never be asked to provide their UTORid credentials via email. 
  • Poorly worded email: Often, you can spot a phishing email by the poor use of grammar and spelling. Right from the subject line, this email displayed both these flaws. Always read the email carefully and check for spelling and grammatical mistakes, as well as oddly worded sentences.
  • Demanding urgent action: A common tactic used by hackers is to create a sense of urgency. This tactic is widely successful because recipients feel too rushed to analyze the email in detail and are more likely to fall for the attack. In this instance, the sender asked the recipient to manually approve the schedule within “48hours” (note the grammatical error) of receiving the email.  

Learn more about identifying and reporting a phishing attempt 

[Phish] 21/22 Payroll Calender

Details:

Subject: 21/22 Payroll Calender

Text:

Dear Member
You new payroll schedule calendar for 2021/22 is now available for your approval.

Payroll-21/22.pdf

We require your manual approval within the next 48hours after receipt.
Best Regards,
The University of Toronto

Recent phishing attempt poses as U of T administration

Phishing continues to play a big role in the digital threat landscape. To further enhance the University of Toronto’s (U of T) cyber defences, we are highlighting a recent cyber attack that was successfully thwarted on Oct. 18. U of T community members received a phishing email in which the hacker impersonated a U of T administrator. Suspiciously, the email came from a fake U of T student email, ending in mail.utoronto.ca. The attack aimed to retrieve the user’s credentials through a link which, at first glance, looks legitimate but was obscured using a URL shortening feature.

Although the attempt could seem sophisticated, the email showed a few telltale signs of a malicious message:

  • Email spoofing: This is a technique used in phishing attacks to trick users into thinking a message came from a known and trusted source. In these attacks, the sender forges email headers so that the email displays the fraudulent sender address. In this instance, the sender was pretending to be a U of T administrator; however, the email address used was a student email.
  • Sense of urgency: Evoking a sense of panic, urgency, or curiosity is a commonly used tactic to scare recipients into giving up confidential information. The email subject and body suggest that urgent action is required and that the recipient’s account will be locked if they don’t click on the link.
  • Requesting personal information: The copy asks the recipient to log in using the given link, which is another telltale sign used by hackers to steal credentials, leading to further damage such as identity theft, loss of other information and more.
  • Suspicious links: The URL in the copy contains terms such as ‘utoronto’ and ‘verified-account’ to make it seem legitimate; however, a suspicious bit.ly link is exposed when hovering over the written link. Hackers use URL shorteners, such as bit.ly, to bypass email filters and trick users into clicking on malicious links.
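
The link checks described in both write-ups above (hovering reveals a host unrelated to any U of T site; a legitimate-looking written URL that really points to bit.ly) can be automated over the HTML body of a reported message. The following is an added example, not code from U of T: the shortener list, the `utoronto.ca` trust suffix and the `href` values in the sample are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # assumption: partial, illustrative list
TRUSTED_DOMAIN = "utoronto.ca"                  # assumption: the organisation's own domain

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased hostname of an http(s) URL, or '' (also for unparsable input)."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return ""
    return (parts.hostname or "").lower() if parts.scheme in ("http", "https") else ""

def link_red_flags(html_body):
    """Return [(href, flags)] for links whose real target needs a second look."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        target, shown, flags = host_of(href), host_of(text), set()
        if shown and shown != target:
            flags.add("display-mismatch")  # text shows one host, href goes to another
        if target in SHORTENERS:
            flags.add("url-shortener")     # real destination hidden behind a redirect
        if target != TRUSTED_DOMAIN and not target.endswith("." + TRUSTED_DOMAIN):
            flags.add("external-host")     # not under the organisation's domain
        if target and flags:               # skip mailto:, fragments, unparsable hrefs
            findings.append((href, flags))
    return findings

# Constructed sample body: the visible URL is the one quoted on this page; hrefs are placeholders.
SAMPLE = ('<a href="https://bit.ly/EXAMPLE">https://idpz.utorauth.utoronto.ca/-verified-account//..</a>'
          '<a href="https://files.example.net/view">Payroll-21/22.pdf</a>'
          '<a href="https://www.utoronto.ca/">U of T home</a>')
```

Calling `link_red_flags(SAMPLE)` flags the first two links and leaves the genuine `www.utoronto.ca` link alone. The suffix comparison requires a leading dot, so a look-alike host such as `utoronto.ca.example.net` is still reported as external.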

How to spot phishing email

Phishing attacks can take many forms, but they all share a common goal – getting you to share sensitive information such as login credentials, credit card information or bank account details.

Here are some steps you can follow if you receive a suspicious email:

  • Report phishing messages either by using the “report message” function in your Office 365/UTMail+ inbox or by sending them to report.phishing@utoronto.ca.
  • When in doubt, call or ask the sender in person to confirm that the email was really from them.
  • If you opened an attachment that was provided in a phishing email, contact your local IT service desk immediately.
  • If you suspect your password may have been compromised due to an attack, change it immediately.

Visit here for more information on identifying and reporting a phishing attempt.

[Phish] IMPORTANT: Action Required!

Details:

From: John Doe<John.Doe@mail.utoronto.ca>

Subject: IMPORTANT: Action Required!

Text:

Your account has been held for your protection.

Please log on here now https://idpz.utorauth.utoronto.ca/-verified-account//.. and follow the instructions.
If you fail to do this, Your account will be permanently blocked.

Thank You

© University of Toronto

Please do not reply to this message. Mail sent to this address cannot be answered.