Canadian University defrauded of $11.8 million in a phishing scam

MacEwan University was defrauded of $11.8 million using a targeted phishing attack. CBC reported it here:

Targeted phishing is increasingly used by criminal groups to attempt similar attacks against other institutions, including York. To help prevent phishing attacks and related fraud, please keep in mind the following tips:

  • Always be suspicious of emails requesting sensitive information.
  • Do NOT click links or open attachments in unsolicited email from people or groups you don’t recognize.
  • For familiar contacts or expected messages, examine the “From” field of email messages to verify the sending address is correct – be wary of different spellings of the sending email address that could indicate fraud.
  • For links within email messages, use the “hover over” technique to validate the actual location it will send you to – move the mouse pointer over a link (without clicking!) and wait a moment; most email programs will show the web location the link will take you to – if it does not match what you expect that could indicate fraud.

For more detail on tips like this, please take the short cyber security online training available to all York staff, faculty and students at
Other recommended resources:

- York’s Information Security blog:
- Information Security Twitter (@YorkU_Infosec) and Facebook page (

Please direct any questions or concerns to UIT Client Services - email: or visit