Certain organizations are often impersonated by cyber threat actors to steal users’ personal or financial information, and the Canada Revenue Agency (CRA) is a prime example. Please be advised that a recent phishing campaign targeted many York U users with an email claiming to be from the CRA offering money under the pretense of a tax refund.

The phishing email links to a fake CRA website which attempts to steal visitors’ personal and financial information. The abuse of content hosting and cloud service providers was leveraged in this phishing campaign to redirect visitors from the link clicked in the phishing emails to the fake CRA website.

If you have received the below or a similar email, please refrain from clicking on any of its links. If you were able to visit the fake CRA website and entered any information into it, please contact the Information Security team (askit@yorku.ca).

 

Please exercise heightened vigilance against emails claiming to come from the Canada Revenue Agency during the first few months of every new year. Reporting suspicious emails to York University’s Information Security team via the Report phishing button assists with the detection and remediation of phishing attempts against York University’s users.