Notice on Recent Fraudulent Email/Phishing Scams

by: Chris Russel

Be Aware:  Cybercriminals are recently very active in attempting to gain login credentials from York staff, faculty and students.  It is important all users be vigilant about fraudulent email and websites.

Most phishing emails contain links to websites.  Some of them are very convincing copies of legitimate York sites such as Passport York or mymail but in fact are fradulent and will steal your credentials to access your information and University resources for criminal purposes.

How to verify if an email is fradulent:
- Hover your mouse over links in emails to see where they truly lead - do not click on the links.
- If in doubt, type the York destination URL into your web browser rather than clicking links in suspicious emails.
- If it is a suspicious email appearing to be from a friend or colleague, call them to verify they sent it.
- York web sites that ask you to login will have a lock icon next to where the web browser displays the URL - click on it and it will provide details saying it is a secure/encrypted connection and that it is registered to York University.  If it is not, do not trust it, close the window and do not enter any information.
If you think you may have fallen for a phishing scam, change your password immediately, and then call your IT support.
Additional help, resources and updates:
For more information on protecting yourself from phishing and other cyber-threats, including examples of recent fraudulent messages, see:
- York's Information Security blog at, Twitter (@YorkU_Infosec) and Facebook page (Yorku.Infosec)
- York’s computing website: