Please be advised that a phishing email is currently circulating from a compromised account within our organization. The email uses the subject line: Subject: ADVANCE WARNINGDate: June 8, 2025, at 1:43:49 PM EDT The message claims that your YorkU Microsoft account is set for deactivation due to retirement, graduation, or transfer. It urges recipients to […]
Announcement
Phish Alert - SMS Phishing Scam Impersonating York President
We have received reports from users about a new SMS phishing (smishing) scam that is impersonating York President Rhonda Lenton. The scammers are using different phone numbers to contact potential victims, including numbers from area codes 484 and 438. An example of the smishing text described is shown below for reference: This message was NOT […]
Phish Alert - "Email @ York Update"
The Information Security team noted a targeted phishing email being circulated among the York community on December 28th, 2024. The email used the subject line "Email @ York Update" and claimed to be a notification regarding a fake mail server update. The email included a malicious link asking users to submit their York credentials in […]
New Duo Security Enhancements Coming to York
As part of planned updates to York’s current Duo 2FA service, UIT will be deploying an extra layer of security through the implementation of Duo Verified Push, Time-Based One-Time Password (TOTP) codes, and the Self-Service Device Management (SSDM) portal. What’s Changing? Verified Push will ask you to enter a 3-digit code during the login process. […]
Passport York password complexity requirements update
Passport York uses a password strength estimator to ensure that users set strong, difficult to crack passwords for their account. This is done in order to increase the security of their various accounts at the University. The estimator analyzes passwords and assigns them a score based on their complexity. We have increased the score required […]
Job Scam Alert - Store Evaluator Job Opening
Scammers are using compromised YorkU accounts to send fake job scam offering a weekly payment of $400 to $600 to be a part time store evaluator. Students are the main target of the FAKE job offer. The email asks prospective applicants to provide their Full Name, Cell number and personal email address. Following through with […]
Phish Alert - Important Message for All Staffs and Students
Scammer compromised a YorkU email account and sent over 9900 phishing emails. Following through with the fraudulent link attached in email will result in compromise of personal information and potential financial loss. The Information Security team has taken action to remove the fraudulent messages. If you receive similar messages, please report […]
Advisory Notice - Microsoft Office Remote Code Execution Vulnerability (CVE-2023-36884)
Microsoft recently disclosed a zero-day vulnerability (CVE-2023-36884) which is currently being exploited in the wild. Attackers are coercing users via social engineering phishing techniques into opening a specially-crafted Microsoft Office document that could result in remote code execution. Even though Microsoft Defender for O365 provides protection against attachments designed to exploit CVE-2023-36884, we ask the […]
Job Scam Alert - Executive Assistant/Administrative Assistant !!!
Here is another fake job scam that has been circulating today. […]
Upcoming Changes to the Phish Reporter Button
As of August 2nd, UIT is making changes to the current “Report Phishing” button in Outlook. Users will see the existing button with the “fish” icon be replaced by a new version that is integrated with new Microsoft email protection technologies. The new button has a different icon but works similarly and provides more immediate […]
