A number of our clients have recently received a fraudulent email message. Please see the bottom of this article for the full content of the message.
Do NOT click on the link and ignore all emails that look anything like it . UofT will never send you emails asking you to click on a link to "update an account" or respond with account details.
Some telltale signs of email fraud:
1) The email urges you to take immediate action for some kind of account - URGENCY is usually a trap - the perptrator of the fraud is counting on you to make a panicked decision.
2) The email demands that you follow a link. Do not follow the link - in most cases it will lead to a site asking for you to log in, in others it leads to a website containing malicious software which can compromise your computer. Alternately the email requests that you respond with account details by email. U of T will never send out emails requesting your account details in this way.
3) Sometimes examining the sender address reveals it is clearly not from the organization it claims to represent. Please note sometimes a fraudster can either fake a U of T address or may have taken control of a real U of T account
4) More spelling or grammar mistakes appear than you would expect from professional communication.
All of these are present in the email below which was received by several of our clients this morning:
Date: Tue, 8 Nov 2016 17:05:31 +0100
From: U-Toronto Alumni <firstname.lastname@example.org>
Reply-To: U-Toronto Alumni <email@example.com>
Subject: Action Required: Update email now!
- This mail is in HTML. Some elements may be ommited in plain text. -
Your U of T email account information needs to be updated
, If this is not done we shall suspend your account.
U OF T ADMIN
All contents copyright © 2016 University of Toronto. All rights reserved.
If you are having issues logging in to your UTORexchange account, please retry with your username entered as utorarbor\UTORid (where UTORid is your actual UTORid). If you are still experiencing problems, contact the Help Desk.
If you use Facebook and have received a message from someone you know asking for your UTORid and password to get access to an article or for any other reason, this is a fraudulent message and it should be deleted.
Do not provide your UTORid or password to anyone. If your UTORid account is compromised, it will be blocked and you will not be able to use your U of T email and other services.
A new fraudulent email appearing to originate from the University of Toronto has been delivered to many email accounts at U of T.
The email is from an "@live.mercer.edu" email address and states that the University of Toronto has "temporarily suspended/disabled your account from all incoming messages". There is a link to “www.utoronto.ca" that actually directs victims to a phishing site. The email concludes with a threat stating that failure to click the link will result in account termination.
If you receive this email, do not click the link provided and mark as junk.
Messages sent out via the UofT liststerv service appear currently to be flagged as junk-email by one or more spam-blocking services, including the one we use at the University. This means that emails sent and distributed to listserv are being put into junk mail folders rather than the recipients inbox. Technicians are investigating and we hope to have a resolution soon.
Uodate: After Tuesday afternoon it appears that most messages sent to UofT email addresses from our listserve were being delivered normally. Email administrators are working to reduce the probability of our listserve emails being identified as junk-mail by external organizations moving forward.
We apologize for any inconvenience this may cause.
We have been notified by the email administrators that, due to space constraints, clients will be unable to migrate from UTORmail to UTORexchange. Quota increases are also unavailable.
A resolution to this issue is pending the outcome of discussions around Faculty & Staff eCommunications. For more about the Faculty & Staff eCommunications initiative please see: http://main.its.utoronto.ca/about/committees/faculty-staff-ecommunications-consultation/#1108
The UTORexchange weblogin page at owa.utoronto.ca will soon have a new look. The update will not change functionality in any way.
We have been alerted to attempts by hackers to target UofT students with fake “Blackboard” prompts, which redirect to a fake Blackboard login page. This could include receiving an email that says you have an important course announcement or assignment due.
The real UofT Blackboard can only be accessed via the UTWeblogin page. Also, always make sure that the URL says portal.utoronto.ca, and not blackboard.edu, or any other URL.
If you think you may have inadvertently typed your UtorID credentials into a fake version of Blackboard, please change your password - If you are unsure of how to do this safely, contact us for assistance.
If you are a current student, you have access to full desktop versions and mobile versions of Microsoft Office for free! More details and installation instructions are available from the Student Advantage and Office 365 ProPlus page.
If you have received an email stating that “With the strengthening off our security system and improving your mailing experience, We have detected your mail settings are out of date...”, this is a fraudulent email intended to steal your credentials and it should be deleted. Do not click on the link provided in this email message.
Because .zip files are sometimes used to transmit viruses or other malicious software by spammers, and in our recent experience, such files were circulated to the UofT community, new preventative measures have been introduced to reduce the possibility of viruses being spread.
If you are on UTORmail:
Messages sent by UTORmail customers with .zip attachments will have the file name changed by having “-utCAUTION! " appended to it. Before you are able to open it, you will need to remove “-utCAUTION!” from the name.
If you are on UTORexchange:
Messages sent by UTORExchange customers with *.zip attachments, will have the text “utCAUTION: .ZIP ATTACHMENT" added to the email Subject line and the text “PLEASE USE EXTREME CAUTION WHEN OPENING .ZIP ATTACHMENTS AS THEY MAY CONTAIN VIRUSES" in the email message body. The attachment itself will not be renamed.
There is an email being circulated spreading a virus to UofT email clients. The emails contai a .zip fail claiming to contain a PDF document. If someone opens the zip file, their machine becomes infected and it sends versions of itself to people in their address books.
Do NOT open the attachment. If you have, please contact your local IT professional or the Information Commons Help Desk.
You should never open a .zip file sent to you in email unless you are expecting it.
According to the FBI:
"University employees are receiving fraudulent e-mails indicating a change in their human resource status. The e-mail contains a link directing the employee to login to their human resources website to identify this change. The website provided appears very similar to the legitimate site in an effort to steal the employee’s credentials. Once the employee enters his/her login information, the scammer takes that information and signs into the employee’s official human resources account to change the employee’s direct deposit information. This redirects the employee’s paycheck to the bank account of another individual involved in the scam.”
Scams of this nature are not likely limited to just US targets. For more information on avoiding email fraud, please see our article at: http://help.ic.utoronto.ca/content/77/1747/en/avoiding-email-fraud.html?highlight=phishing
for more information on this specific attack, please see: https://www.ic3.gov/media/2015/150113-2.aspx
where the address was www.utoronto.ca/[department] new address is sites.utoronto.ca/[department]
In preparation for additional UTmail+ services, updates will be rolled out to UTmail+ accounts beginning May 8, 2014. If you have only logged into your account using Outlook Web Access, nothing will change. If you use a mobile device or email application to access UTmail+, and are receiving error messages when your device or email application attempts to access UTmail+, you will need to adjust your account settings. Instructions for your particular device are available from our UTmail+ page.
You can also manually update your own account starting April 28 by following these instructions:
- Go to the UTORid page, choose update your UTmail+ settings for mobile device or IMAP access and follow the prompts. Wait at least 15 minutes before proceeding to step 2.
- Delete your UTmail+ account from your device or email application.
- Set up your account again using the appropriate instructions from the Help Desk. See the UTmail+ main page for links to your specific device.
On April 8, 2014, Microsoft ceased support for Windows XP. This means that you will no longer be able to get security updates, which leaves your computer vulnerable to security risks and viruses.
The Help Desk strongly recommends you upgrade to a supported version of Microsoft Windows if at all possible. If you are unable to do so, our article about Windows XP end of support may assist in reducing security issues, which may result in a compromised computer.
An email has been sent out in large volumes today where the address of the sender appears to be the Help Desk (firstname.lastname@example.org) - We did not send this email, nor would we ever send you an email with a link requiring you to log in with your credentials.
The subject line reads: Illegal Sign-in Alert
In some cases the body of the message may be blank - Otherwise the: The body reads:
Information Commons Help Desk
Illegal Sign-in Alert
We noticed series of login attempts to your UTORmail account from an unrecognized device today Sun, Dec 15, 2013 01:35 CEST from Pakistan.
Was this you? If so, you need to pass Help desk second sign-in verification thereof. However, if this wasn't you, please follow the link below please sign in and verify your account information by clicking the link below:
We shall continually notify you whenever theres any security compromise on your account.
Information Commons Help Desk
We do not send out messages of this nature. For more information on how to protect yourself from this kind of attack read the following article: http://help.ic.utoronto.ca/content/77/1747/en/avoiding-email-fraud.html?highlight=phishing
You may have received an email message that asks you to click on link to the "utoronto.ca message center" This email is fraudulent and does not originate from UofT. Do not click on the link in the message.
The message has the subject:
and the body of the email reads:
You will receive a warning when your utoronto.ca mailbox reaches 900000 KB.You may not be able to send or receive new mail until you reduce your mailbox size.To make more space available, Login Here to reduce your mailbox size.:LOGIN TO OUR UTORONTO.CA MESSAGE CENTRE
If you are unsure about an email that you think might be legitimate, you can contact: email@example.com or call us at 416-978-HELP (416-978-4357).
In order to allow our wireless networks to operate at faster speeds, very old wireless devices based on the 802.11b (or "Wireless B") standard will only operate at full speed (11 Mbps) — this means that older 802.11b wireless devices will need to be very close to the wireless access point in order to get a connection. Eventually, the Help Desk will cease support for the 802.11b wireless standard. If you have an old computer using the 802.11b wireless standard, you may be able to get a newer wireless g or n card.
The 802.11b standard was superceded in 2003 by 802.11g ("Wireless G") and again in 2009 by 802.11n ("Wireless N") which offer progressively faster speeds. Allowing devices to connect at slower 802.11b speeds has been slowing down all traffic through the access point. Based on usage statistics from early 2012 over a 3-month period, fewer than 1% of connections used 802.11b — we expect that percentage to be even lower now. UofT networks will continue to support the wireless A, G and N standards.
If you are a student who graduated this summer, your UTmail+ account using @mail.utoronto.ca is now able to receive emails addressed to your same email username @alum.utoronto.ca. This means that if you were firstname.lastname@example.org you can now receive email directed to email@example.com.
The University of Toronto has removed the weekly usage cap on our wireless networks. Historically, most clients were afforded a limit of 2 GB of traffic per week. This policy was put in place at a time when there were fewer high-bandwidth applications serving an academic function, internet traffic was more expensive, and the tools to prevent one client from crowding out others on a network were not as refined as they are today. As we are reaching the culmination of a significant wireless infrastructure modernization project, these quotas have now been removed in order to offer better support for academic and related activities.
Macintosh malware that has been around since late 2011 has resurfaced and could put your Mac at risk. Initially, it masqueraded as a fake Adobe Flash Player plug-in installer, but now, all you have to do is go to a malicious Web site containing Flashback with Java installed and you could give Flashback the opportunity to install itself on your Mac.
As of April 19, over 250 Mac infections have been reported on campus. See the Apple website for further information on protecting your Mac. If you have any questions, contact the Help Desk at 416-978-4357 for assistance.
You may have received an email message that asks you to reply with your UTORid and password or visit (a fake) self-service web page where you are prompted for account details. (It may have been delivered to your junk-mail folder.)
The latest messages are using official-looking UofT and UTmail+ logos -Currently the Subject line reads:
"Important Information University of Toronto ITS Server"
and the body of the email reads:
Your email account has been reported for numerous spams Activities
foreign ip recently. As a result of this the utoronto 's ITS
has received advice to suspend your account.
However, you might not be the one promoting this Spam,as your email account
might have been compromised.
To protect your account from sending spam mails, You are to confirm your true
ownership of this account by Clicking on this link below to Login and
confirm in one simple step.On receipt of the requested information,the utoronto.ca
Web-Mail email support shall block your account for Spam.
This message was sent by criminals who want to steal your account. Do not follow the link provided in the email – only log into websites you know to be legitimate UofT websites.
For more information on how to be sure that a website is legitimate please see this article: http://help.ic.utoronto.ca/content/77/1747/en/avoiding-email-fraud.html?highlight=Phishing
If you provided your credentials to the senders of this message, change your password right away. If you have further questions or concerns call the Help Desk @ 416-978-HELP(4357) or visit us during our hours of service.
UTORmail service for students ends June 1st! We recommend upgrading as soon as you can.
See full details at email.utoronto.ca.
Some devices Notably the Samsung Galaxy II have been unable to connect to UTmail+ with their built-in mail client. Microsoft has been notified of the current problems and they are working to restore full service.
Winter Hours – January 2 - May 4, 2012Information Commons Help desk
Robarts Library,1st Floor 130 St. George Street (416) 978-HELP (4357)
|Monday — Friday||Saturday||Sunday
|Walk-in||9:30 a.m. to 7:00 p.m..||11:00 a.m. to 2:00 p.m.||Closed|
|Telephone||8:30 a.m. to 9:00 p.m.||11:00 a.m. to 3:00 p.m.||1:00 p.m. to 5:00 p.m.|
For faster service, please include your Library number/UTORid with your question.
Your UTORid is the target of the latest round of "phishing" attacks we have seen at the University. The one most recently circulated includes a UofT crest, a warning that that you have received an infected file, and a link to a non-UofT website. The website that was being used on emails sent out on December 5 has been taken down due to an abuse complaint, however it is likely that fresh emails will be sent out pointing to a new website.
Protect yourself by verifying that you only use your UTORid on legitimate UofT websites. You can identify legitimate sites by looking at the security certificate. The certificate will appear as a green or blue bar or text in your web browser's address bar which will show that the site you are on has a University of Toronto (CA). Below is one example of how this looks. For more information on phishing attacks and examples of valid UofT site certificates on different browsers, please look at this article on avoiding email fraud .
The real UofT weblogin has a site certificate that looks like this:
Due to updates on our Exchange server Mac clients need to make the following changes:
In Entourage 2008 EWS
Select Allow when prompted with the following pop-ups: "Microsoft Entourage wants to use your confidential information stored in "Exchange" in your keychain. "The authenticity of "Microsoft Entourage" cannot be verified. Do you want to allow access to this item?"
This may pop-up multiple times, so click Allow each time it appears.
After a few minutes, new email messages should begin being delivered again to your Inbox.
In Outlook 2011
Select Allow when prompted with the following pop-ups: "Microsoft Outlook wants to use your confidential information stored in "Exchange" in your keychain. "The authenticity of "Microsoft Entourage" cannot be verified. Do you want to allow access to this item?"
This may pop-up multiple times, so click Allow each time it appears.
Additionally, the following message will pop-up afterwards – click Allow again. "Outlook was redirected to the server autodiscover.utoronto.ca to get new settings for your account, *.*@utoronto.ca. Do you want to allow this server to configure your settings?"
Within a few minutes the connection status in the bottom right-corner will change to "Connected..."
Apple Mail, iCal and your Address Book
Under the Mail > Preferences menu, change the setting for External Server from autodiscover.utoronto.ca to owa.utoronto.ca.
All University community members who activated new UTORids, changed their UTORid password, or used the "UTORid verify" function between Wed Sep 7 0:00 and Sat Sep 10 14:00, may have problems using the "UofT" wireless and "eduroam" wireless services.
To fix the problem, customers can either change their UTORid password or
"verify" their UTORid at https://www.utorid.utoronto.ca/cgi-bin/utorid/verify.pl
- Only a thief will ask for a password. Never provide passwords or personal information by e-mail.
- Never log into a website from a link in an email. Always type the URL to a site and login that way.
Your UTOR Webmail account has been reported for numerous spam activities from a foreign ip recently. As a result, UTOR Web-mail AbuseTeam have received advice to suspend your account for such activities. However, you might not be the one promoting this Spam emails, as your email account might have been compromised. To protect your account from sending spam mails, you are to confirm your true ownership of this account by providing your valid account information listed bellow.====================================Full name:UTORid:Password:Date Of Birth:====================================Failure to do this, will violate the UTOR Webmail terms & conditions. NOTE: You will be send a password reset message in next seven (7) working days after undergoing this process for security reasons. Kindly get back to us immediately UTOR Abuse Support Team.
We at the Information Commons Help Desk encourage you to provide feedback.
If not, please inform us . We will do our best to answer your question or direct you to an appropriate resource.