Image of spoofed web page

Some U of T community members reported receiving this phishing email. Do not respond, click any links or provide personal information if you receive this email.

Description of the phish

This phishing email attempts to steal the user’s login credentials by providing false information about their UTORid being filed for deactivation. The email contains a link to a web page spoofed to look like a U of T web page. The URL mentioned in the email was also replicated to look like a UTORid related web page.

Such emails can cause panic to the recipients, prompting them to act on the instructions without thinking. Always pause to think and look out for red flags when you receive a suspicious email.

How to protect yourself

1. If you receive requests for services such as UTORid or password reset that you did not initiate, do not engage.
2. Report suspicious emails to report.phishing@utoronto.ca.

What to do if you engaged

If you engaged with the sender, please reach out to security.response@utoronto.ca immediately.

Email details

Subject: University of Toronto – termination of your UToronto Email

Dear UToronto Email User,

According to our records, you recently requested the cancellation of your UToronto Email account.

If you were unaware of this request, it is recommended that you verify your account.

To verify your account click link below: If you do not verify your account, your account will be terminated.

*malicious link*

Warm Regards,

*Incorrect email signature*

Description of the phish

This is qishing, a social engineering tactic where malicious actors use QR codes to steal information from unsuspecting recipients. This message was sent to U of T community members via LinkedIn.

How to protect yourself

If you receive an unsolicited QR code, do not scan the code as it could be a phishing attempt.

Email details

This link works for anyone in your organization.

Atatched is a brief presentation, please take a look and let me know if we could take on a joint development on this projects or any other means.

Scan the below QR code using your phone to get started.

*Malicious QR code*

Microsoft respects your privacy. To learn more, please read out Privacy Statement.

Microsoft Corporate, one Microsoft Way, Redmond, WA 98052

Details:

Subject: CAMPUS RECRUITMENT AT THE UNIVERSITY OF TORONTO

Hello Selected candidate,

We received your resume application via the University recruiting department, offering a part time position for all students and staff, this will only require 1-2hrs 3 days a week, no work experience or skill is required. You can make $650 weekly without affecting your regular activities and academics

To Apply, kindly follow the link or email/text below

*Malicious link*

Administrator

*Malicious website link*

UofT Employee Self-Service

If you have received a suspicious email:

• Please report it to report.phishing@utoronto.ca.
• Delete the email immediately from your mailbox.
• Don’t click any links, download attachments or engage with the sender.
• Please do not forward or share the email with your colleagues and other contacts.

Learn more about what to do if you suspect a phishing attempt.

Details:

Subject: UTSU Cyber Security: Duo Security Form Urgently Needed

Kindly fill and submit the student course registration form to book an appointment for the on-going Duo Security Update interview below, Once done and submitted, then i can have your appointment approved and booked. It’s imperative as a student at the University to book an appointment today for this exercise and fight against Phishing. This exercise is meant for the school database, course upgrade, Duo Security Update/Confirmation and Fight against Phishing. Failure to comply will result in blocking your UofT campus email address with immediate effect.

Register here *malicious link*

You will be contacted via SMS within the next 14 days or more, just to confirm you already enrolled for Duo Security and to make sure its enabled, so we will contact you via SMS( with your JoinID so you can know and confirm it’s from the school security dept) when logging into your Utoronto Mailbox Account to either push the Duo Security Button on your phone or send us the code that will be sent to your cell phone number registered with the Duo Security, in order to access your account and confirm everything is intact, is that understood?. This exercise will be done repeatedly.

This form enables us to perform the monthly database, course upgrade and security check. Please fill and submit the form with the correct information and we will be in touch.

NB: A push request/code will be sent to your device to confirm your login credentials, you will accept the push request on your device/send me the code once we contact you via text message.

If you receive a Duo Mobile push notification for UTORMFA or other MFA-enabled accounts that you did not initiate, do not approve the request.

Details:

Subject: UTSC Duo Security Update: All Students Should Apply Now

Kindly fill and submit the student course registration form to book an appointment for the on-going Duo Security Update interview below, Once done and submitted, then i can have your appointment approved and booked. It’s imperative as a student at the University to book an appointment today for this exercise and fight against Phishing. This exercise is meant for the school database, course upgrade, Duo Security Update/Confirmation and Fight against Phishing

Register here {Malicious link}

You will be contacted via SMS within the next 14 days or more, just to confirm you already enrolled for Duo Security and to make sure its enabled, so we will contact you via SMS( with your JoinID so you can know and confirm it’s from the school security dept) when logging into your Utoronto Mailbox Account to either push the Duo Security Button on your phone or send us the code that will be sent to your cell phone number registered with the Duo Security, in order to access your account and confirm everything is intact, is that understood?. This exercise will be done repeatedly.

This form enables us to perform the monthly database, course upgrade and security check. Please fill and submit the form with the correct information and we will be in touch.

NB: Do Not Reply Back to this email

If you have received a suspicious email, please report it to report.phishing@utoronto.ca and delete it immediately from your mailbox. Don’t click any links, download attachments or engage with the sender. Please do not forward or share the email with your colleagues and other contacts. Learn more about what to do if you suspect a phishing attempt.

Details:

Subject: RE: Urgent Student Payment Reminder

Dear student,

Our records show that you have not made your payment for the 2022-3023 Fall-Winter session.   Please make your payment by the end of this week to avoid a service charge

It is strongly recommended that you make regular payments to reduce the balance on your student account and thus reduce the amount of service charges incurred. Please Contect BUSry On EmailAddress: {redacted malicious email address} On ow to make your payment a financial hold will be placed on student accounts with unpaid balances for the 2022-2023 in 24hours.

Sincerely,

{Spoofed name}

University Registrar

University of Toronto

If you have received a suspicious email, please report it to report.phishing@utoronto.ca and delete it immediately from your mailbox. Don’t click any links, download attachments or engage with the sender. Please do not forward or share the email with your colleagues and other contacts. Learn more about what to do if you suspect a phishing attempt.

Details:

Subject: University of Toronto Email Validation–ID-cdlhyuey63

Hello,

This email is to notify all students and staff that there is email validation exercises. We will need you to confirm that your email is still in use.

If you don’t want your e-mail account to be terminated during the exercise,

Send “Utoronto Email Validation” to {malicious phone number}

if you do not comply with the above, your email access will be disabled.

Please accept our apologies for any inconvenience this may cause.

Regards

System Administrator

the University of Toronto

Message ID-cdlhyuey63

If you have received a suspicious email, please report it to report.phishing@utoronto.ca and delete it immediately from your mailbox. Don’t click any links, download attachments or engage with the sender. Please do not forward or share the email with your colleagues and other contacts. Learn more about what to do if you suspect a phishing attempt.

Details:

Subject: Vacant position: virtual personal assistant.

We have an open position for a Virtual Assistant, that is you work remotely,performing various tasks and office support duties.

COVID-19 considerations:

Job is primarily remote at this stage.

Application question(s):

• What experience (personal or professional) of yours do you think best matches this position and why?

Work remotely:

• Yes

*TO APPLY: Email your name and phone number to {malicious email added here}

NOTE: Send the email message from your PERSONAL EMAIL ADDRESS (gmail, yahoo etc) and we will send you the job details.

If you have received a suspicious email, please report it to report.phishing@utoronto.ca and delete it immediately from your mailbox. Don’t click any links, download attachments or engage with the sender. Please do not forward or share the email with your colleagues and other contacts. Learn more about what to do if you suspect a phishing attempt.