Anti-phishing Resources

Phishing / Fraudulent Messages

Cybercriminals take advantage of our favourite communications mediums including phones, text messages, email, websites, and apps in an attempt to get us to share personal, financial, and other sensitive information.

Phishing attacks have become increasingly sophisticated. These days, anyone can fall victim.


If you have fallen victim to a phish/fraudulent message


If you suspect you have received a phish/fraudulent message

Forward it to


Protect yourself

Recognizing a phish

  • Be wary of any urgent emails, texts, or phone calls that require a quick response. Double check the sender information, ask a colleague, or try to contact the sender through another channel to confirm the request.
  • Before clicking on links or opening email attachments, make sure it was sent by a trusted source and that they intended to send it to you.
  • Never respond directly to a suspected phishing email.
  • Avoid sharing personal information via email, text message, or over the phone, if you do not know for certain who the caller is or who they are calling on behalf of.
  • If you suspect a message is a phishing scam, forward it to
  • If you think you may have accidentally fallen for a phishing scam, change your password immediately and contact


Be wary of messages asking you to...

  • Purchase gift cards
  • Upgrade an account
  • View or pay an overdue bill
  • Share personal or account information
  • Install an application
  • Reset your password


What do cybercriminals want?

Cybercriminals may try to impersonate someone you know or an organization that you trust in order to gain access to:

  • Your personal contact information so they can attempt to contact you outside of U of T channels where the university cannot assist or protect you.
  • Financial information or money: they may ask you to purchase gift cards or to send money.
  • They may pose as a health or university authority with urgent information, asking you to click on malicious links or download and open malware to gain access to your computer.
  • Your computer: they may pose as a health or university authority with urgent information, asking you to click on malicious links or download and open malware.
  • Any other sensitive information that they can use to their advantage.


Phishing basics

Types of phishing scams

  • Common Phishing: Fraudulent messages sent in an attempt to convince the recipient to share sensitive information.
  • Spear Phishing: Phishing messages targeting a specific individual.
  • Smishing: Phishing via text message.
  • Vishing: Phishing via a phone call.
  • Whaling: Phishing messages targeting high profile individuals, including celebrities, politicians or executives.


Cybercriminal tools

Cybercriminals have a variety of tools at their disposal for conducting phishing attacks – in fact, they’re the same tools we use and enjoy regularly, including:

  • Email
  • Phone calls
  • Text messages
  • Websites
  • Apps