Advisory Notice - Phish email targeting York email system

Many York email users are being sent targeted phishing messages that direct you to a login page that is a close forgery of the Microsoft Office 365 login. The message is fraudulent and should be deleted. The website it directs you to is designed to look like the Microsoft 0365 login screen in order to steal your York credentials. Details below:

---

---

To help prevent phishing attacks and related fraud, please keep in mind the following tips:

1) Always be suspicious of unsolicited messages requesting sensitive information, or that direct you to a website that requests such info, including login information.

2) Do NOT click links or open attachments in unsolicited email from people or groups you don’t recognize.

3) Examine the “From” field of email messages to verify the sending address is correct – be wary of different spellings of the sending email address that could indicate fraud.

4) Use the “hover over” technique to validate the actual location of links within an email – move the mouse pointer over a link (without clicking!) and wait a moment; most email programs will show the web location the link will take you to – if it does not match what you expect that could indicate fraud.

For more detail on tips like this, please take the short cyber security online training available to all York staff, faculty and students at https://moodle.yorku.ca/moodle/course/view.php?id=101093

Other recommended resources:

- York’s Information Security blog: http://infosec.news.yorku.ca/

- Information Security Twitter (@YorkU_Infosec)

- Facebook page (https://www.facebook.com/yorku.infosec/)

Please direct any questions or concerns to UIT Client Services - email: askit@yorku.ca or visit https://askit.yorku.ca