Alert

A confirmed phish email, sent from a spoofed York email address with the subject line "Yorku (2) new private documents" was reported. Clicking on the link will "Preview & Download It Now::" redirect users to an external site: https://vcbeorigv8h-e30pr8ighvp-0eh8irpg8h-0evrfg[.]obs[.]ap-southeast-3.myhuaweicloud[.]com/fcnbhweo4igvf8h-3wr4e8higvb-piewhrb80vhier-pbivetrb[.]html?AWSAccessKeyId=BIYYVE07OMDKEILTTF0R&Expires=1657387715&Signature=sMdOTQRWRifE2QcDc4LSu/E1XIQ%3D#username@yorku.ca If you clicked on the link and provided your credentials, please consider your account as compromised, and notify […]

A confirmed phish email sent from a spoofed York email address, with subject line "N:6/722: Your attention is needed" was reported. Clicking on the link "Update Now" will redirect users to an external site: https://www[.]sekur[.]aero/wp-content/uploads/2022/06/8nugh/?i=i&0=username@yorku.ca If you clicked on the link and provided your credentials, please consider your account as compromised. Change your password immediately […]

A confirmed phish email, appearing to be sent from a user's own spoofed York email address, with subject line "MAIL DNS (22) Undelivered Messages. Please check Domain settings!" was reported. Clicking on the link will redirect users to an external site: https://storage[.]cloud.google[.]com/maintainancecomponeta[.]appspot[.]com/myautoindex[.]html#username@yorku.ca If you clicked on the link and provided your credentials, please consider your […]

A phish email with subject line "Updated MAY Payment Structure And Classified Comapny Docments For You!!!" was sent to multiple mailboxes. Clicking on the link will redirect users to an external site:https://codee-1-a153d6.ingress-daribow[.]easywp.com/sv/#username@yorku.ca If you clicked on the link and provided your credentials, please consider your account as compromised. Change your password immediately and NEVER authorize […]

A confirmed phish email sent from a spoofed York email address, with subject line "Incoming Mail Delayed." was reported. Clicking on the link "Click here to retrieve your emails and reconfigure Port 486." will redirect users to an external site: https://firebasestorage[.]googleapis[.]com/v0/b/jiklo-102a6.appspot[.]com/o/1998228299llllllll%2Fwebwebweb.html?alt=media&token=9125baf0-abd4-4b12-8e44-acbfcb3d395c#username@yorku.ca If you clicked on the link and provided your credentials, please consider your account […]

A confirmed phish email with subject line "April/May Salary updates" was reported. If you clicked on the link and provided your credentials, please consider your account as compromised. Change your password immediately and NEVER authorize a 2FA request that you did not initiate.      

A phish email with subject line "(6) messages are pending yorku.ca" was sent to multiple mailboxes. Clicking on the link "RE-ACTIVATE ACCOUNT HERE" will redirect users to an external site: https://tummify.com/wp_locks/MailUpdateFresh#username@yorku.ca   If you clicked on the link and provided your credentials, please consider your account as compromised. Change your password immediately and NEVER authorize […]

A sophisticated phish scam with subject line "Authorization Form" was sent to multiple mailboxes. The email has the attachment "yorku.ca Please_DocuSign_credit_card_Authorization.html" Opening the attachment will prompt the user to enter a password. You won't be able to change the username. If you click on Login, you will get the message "Invalid Password..! Please enter correct […]

A phishing email with subject line "Updated JANUARY Payment Structure (Final Post-Covid-19 listing) !!!" was sent to various mailboxes. Clicking on the xls link will redirect users to a fraudulent site http://managecld.com/log-in/ If you clicked on the link and provided your password, please consider your account as compromised. Change your password immediately and NEVER authorize […]