smishing

Smishing campaigns target Rogers subscribers

August 16, 2022

Following the nation-wide Rogers outage on July 8, there have been reports of smishing (SMS phishing) campaigns targeting Rogers customers.

CTV News recently reported smishing campaigns asking Rogers customers to click on malicious links to receive a service disruption refund. An example of this is a message that a Twitter user received asking him to click on an unknown link to receive $50 credit.

Rogers has stated that the company doesn’t require any action from its subscribers and will auto-refund a portion of their bill to their account. They have also urged subscribers to forward the suspicious text messages to 7726 (SPAM).

What to do if you receive a suspicious email or text message:

  • Do not click the link, provide personal information, open the attachment, send SMS or forward the email to your contacts.
  • Forward the email to report.phishing@utoronto.ca and then delete it from your inbox.
  • If you already engaged with the email, please contact security.response@utoronto.ca immediately for assistance.
  • Visit the Security Matters website regularly to stay updated and aware about online safety.

Further resources for online safety:

New phishing email impersonating Information Technology (IT) administration

January 20, 2022

Phishing emails are designed to trick recipients into taking an action, such as clicking a malicious link or opening a malicious attachment. Hackers may also use tactics like smishing, which attempt to trick the recipients through text messages or SMS.

This week, members of the University of Toronto (U of T) community received an email impersonating U of T’s IT administration that asked recipients to respond through SMS. Please note that any technology upgrades or updates will always be communicated by your division or department through official U of T channels prior to deployment.

Sense of urgency is a big factor that hackers use to get recipients to take action. You will be able to identify and report phishing by taking a moment to review your emails for common red flags.

The image below marks the red flags to look out for:

Smishing attack with red flags

Hackers are constantly adopting new techniques to steal information, so it is imperative that we stay alert and aware to better protect ourselves online.

What to do if you receive a suspicious email

  • Review the common red flags.
  • Do not act on any of the email prompts including clicking the link, providing personal information, opening the attachment or sending SMS.
  • Forward the email to report.phishing@utoronto.ca and then delete it from your inbox.
  • If you already engaged with the email, please contact security.response@utoronto.ca  immediately for assistance.

Visit the Security Matters website for more information.

[Phish] You have got an urgent message from the University of Toronto.

January 20, 2022

Details:

Subject: You have got an urgent message from the University of Toronto.

Text:

Dear User,
This is to let you know that our web-mail server will be upgraded and maintained soon.

If you don’t want your e-mail account to be terminated during the upgrade,

Send “UTORONTO–UPGRADE” to *malicious phone number inserted here*

You will receive instructions on how to upgrade your account via text message.

If you do not comply with the above, your email access will be disabled.
Please accept our apologies for any inconvenience this may cause.

 

Regards
System Administrator
The University of Toronto

New wave of phishing attacks

November 23, 2021

Access to a diverse range of data from sensitive personal information to confidential research data, has made the University of Toronto (U of T) a popular target for various cyber-threats including phishing.

Last week, more phishing attempts were reported as targeting the U of T community. The rising occurrence of phishing campaigns should serve as a reminder to stay aware and learn how to identify and report phishing.

Job scam emails

Job scam emails are crafted with the intent of gaining access to personal or institutional information. They are usually unsolicited and masquerade as employment offers to captivate the recipients’ interest. Often, hackers pretend to be from a well-known and legitimate company to convince recipients to respond to their email. These emails usually prompt recipients to reply to the message, click on a malicious link or download an attachment.

Unsolicited emails with employment offers that seem too good to be true should be treated with suspicion. Legitimate companies typically post vacancies with detailed job descriptions and department information on their official website or a trusted job search website. Qualified candidates are then contacted for interviews via official channels of communication.

Below are the two job scam emails that were sent to U of T community members. Review the emails to identify some of the red flags:

Phishing email impersonating U of T HR department for job scam

Image 1: This phishing email impersonates a U of T staff member and contains a malicious link.

Phishing email impersonating U of T HR department

Image 2: This phishing email impersonates a U of T staff member and contains a malicious phone number to respond.

The second email takes a more sophisticated approach as it attempts to get the recipient to respond through a text message. This is called smishing, a type of social engineering where cyber criminals attempt to trick the recipients through text messages. Like phishing, smishing depends on tricking recipients into co-operating by texting or providing personal information.

Spoofing and spear phishing

Email spoofing is a technique hackers use to make phishing emails appear to be from a trusted and legitimate source. For example, the email below (image 4) appears to be sent from Microsoft, however, it includes an urgent prompt to click on a malicious link leading to a spoofed login page. Hackers attempt to mislead recipients into providing their username, password and other important information.

Sometimes, hackers target an individual or a small group within an institution. These emails often address the recipient by name and include personalized language. This is called spear phishing and can be hard to spot without close inspection.

Review the emails below to identify the red flags:

Phishing email about voicemail containing malicious attachment

Image 3: This phishing email tries to trick the recipient into thinking they have a voicemail, which is a malicious attachment.

Phishing email mimicking MS Office password expiry notice

Image 4: This phishing email mimics a system-generated password expiration email from Microsoft and contains a malicious link.

Please note that any information about technology upgrades or updates will always be communicated by your division or department through official U of T communication channels.

Phishing continues to be one of the most prevalent forms of social engineering. For more information about protecting yourself online, please visit https://securitymatters.utoronto.ca/.