Cybercriminals take advantage of our favourite communications mediums including phones, text messages, email, websites, and apps in an attempt to get us to share personal, financial, and other sensitive information.
Phishing attacks have become increasingly sophisticated. These days, anyone can fall victim.
- Change your UTORid password immediately.
- Report the message and/or details to U of T’s Phishing Response team at email@example.com
- Should you require further assistance, reach out to your local help desk:
Forward it to firstname.lastname@example.org
- Be wary of any urgent emails, texts, or phone calls that require a quick response. Double check the sender information, ask a colleague, or try to contact the sender through another channel to confirm the request.
- Before clicking on links or opening email attachments, make sure it was sent by a trusted source and that they intended to send it to you.
- Never respond directly to a suspected phishing email.
- Avoid sharing personal information via email, text message, or over the phone, if you do not know for certain who the caller is or who they are calling on behalf of.
- If you suspect a message is a phishing scam, forward it to email@example.com
- If you think you may have accidentally fallen for a phishing scam, change your password immediately and contact firstname.lastname@example.org
- Purchase gift cards
- Upgrade an account
- View or pay an overdue bill
- Share personal or account information
- Install an application
- Reset your password
Cybercriminals may try to impersonate someone you know or an organization that you trust in order to gain access to:
- Your personal contact information so they can attempt to contact you outside of U of T channels where the university cannot assist or protect you.
- Financial information or money: they may ask you to purchase gift cards or to send money.
- They may pose as a health or university authority with urgent information, asking you to click on malicious links or download and open malware to gain access to your computer.
- Your computer: they may pose as a health or university authority with urgent information, asking you to click on malicious links or download and open malware.
- Any other sensitive information that they can use to their advantage.
- Common Phishing: Fraudulent messages sent in an attempt to convince the recipient to share sensitive information.
- Spear Phishing: Phishing messages targeting a specific individual.
- Smishing: Phishing via text message.
- Vishing: Phishing via a phone call.
- Whaling: Phishing messages targeting high profile individuals, including celebrities, politicians or executives.
Cybercriminals have a variety of tools at their disposal for conducting phishing attacks – in fact, they’re the same tools we use and enjoy regularly, including:
- Phone calls
- Text messages
- UTM Anti-phishing Training & Outreach page
- Citizen Lab's Security Planner
- Canadian Centre for Cyber Security
- U of T Security Matters