40,000 U of T student emails targeted by phishing attempt – The Varsity | #phishing | #scams | #education | #technology | #infosec



On November 1, U of T alerted students that scam emails were being sent to their school emails. The notice warned that “many members of [the U of T] community have received an email purporting to be from the ‘COVID-19 Support Team.’ This email encourages recipients to visit the ‘University of Toronto giveaway page’ to be eligible for a one-time cash award.” 

The original scam email offered $2,920 to all eligible faculty members, staff, and students due to the ongoing pandemic, claiming that U of T has decided to support community members so they could “get through these hard times.” The email asked ‘qualified’ community members to register with their information to be considered for the giveaway. It explained that any submission that did not have all of the information the email requested would not be processed. 

Isaac Straley, chief information security officer, wrote that this incident “appears to have been a well-coordinated phishing campaign” and that around 40,000 people across the university received the email. Straley wrote that U of T is currently retracting the emails and blocking access to malicious websites. 

An increase in scam emails 

The recent warning about email scams is not the only warning about cybersecurity that the university has recently given to students. In early fall, Toronto Police Services warned incoming students about phishing attempts targeting international students

Lucas Noritomi-Hartwig, a second-year student in computer science, math, and statistics, shared a screenshot to social media of another phishing email, which claimed that U of T is “closing all old versions of [its] Mailbox as from November 4th” and encouraged recipients to follow a link to update their account. “The post containing the screenshot of the email isn’t the only one I received,” he wrote to The Varsity. 

Noritomi-Hartwig expressed concern about the number of scam emails that have been sent out. He added that he examines hyperlinks on emails he receives and checks for typos on the websites they link to, which are common red flags from scam emails. 

“Considering how many scam emails have been sent, I would say the university could do more to prevent them (they will always occur, but they can be significantly minimized). But I also think people should do their best to learn how to spot scams so that they are less prone to falling victim to them in general,” he wrote. 

Noritomi-Hartwig acknowledged the efforts the university is making to ensure the safety of students’ information. He mentioned a warning email the university sent out to all students that directed them to the right resources to report suspicious communications. 

Students have been posting screenshots of potential scam emails on Reddit to get confirmation from other U of T students if the emails are scam are not. 

Addressing scams 

UTM Campus Safety has been spreading awareness and posting warning signs on social media for students who might be vulnerable to phishing scams. Throughout the first week of November, they posted daily fraud prevention tips in an effort to raise awareness and protect the UTM community from falling victim to any scams. 

Straley asked that community members who have received scam emails should forward them to [email protected] and immediately delete them. They also encouraged those who had given their personal information to these scams to contact [email protected] immediately. 

The Office of the Dean of Students has also released an email that warns students to be wary of giving their information to such emails. 

Campus Safety has also shared information on their website for students to learn more about fraud prevention and recovery from fraud. 

 



Source link