The Information Security team noted a targeted phishing email being circulated among the York community on June 17, 2025. The email used the subject line "York University Agreement For username@yorku.ca" and claimed to be a signature request notification that included a fake calendar invite. The email also included a malicious link asking users to submit […]
News
Phishing Alert: Advance Warning
Please be advised that a phishing email is currently circulating from a compromised account within our organization. The email uses the subject line: Subject: ADVANCE WARNINGDate: June 8, 2025, at 1:43:49 PM EDT The message claims that your YorkU Microsoft account is set for deactivation due to retirement, graduation, or transfer. It urges recipients to […]
Phish Alert - SMS Phishing Scam Impersonating York President
We have received reports from users about a new SMS phishing (smishing) scam that is impersonating York President Rhonda Lenton. The scammers are using different phone numbers to contact potential victims, including numbers from area codes 484 and 438. An example of the smishing text described is shown below for reference: This message was NOT […]
Phish Alert - "Job Alert: New Opportunities Added Daily - Apply Now!" / "Your Future Starts Here: Explore Our Job Board Today!"
The Information Security team noted multiple targeted job scam-type phishing emails being circulated among the York community on December 9th, 2024. The emails used one of the following subject lines listed below: Your Future Starts Here: Explore Our Job Board Today! Your Dream Job Awaits: Explore Our Latest Listings! Unlock Your Potential: Exclusive Job Listings […]
Phish Alert - Sαlαry Increαse Notificαtion/16.89 % Salary Increase Letter 2024-11-19
The Information Security team noted two phishing emails being circulated among faculty & staff. The emails, titled "Sαlαry Increαse Notificαtion" OR "16.89 % Salary Increase Letter 2024-11-19", claim to be sent from York University Payroll & Employee Relations, and prompt recipients to submit personal information. Key details of the phishing email: Subject: Sαlαry Increαse Notificαtion/16.89 […]
Duo's Self-Service Device Management (SSDM) portal
Duo has also introduced a new Self-Service Device Management (SSDM) portal to allow users to access the device management interface directly. This will allow users to add/remove devices without the help of IT/Help Desk staff. To access Duo SSDM, please visit https://yorku.login.duosecurity.com/ and login with your Passport York credentials. Once inside the portal, users will […]
New Duo Security Enhancements Coming to York
As part of planned updates to York’s current Duo 2FA service, UIT will be deploying an extra layer of security through the implementation of Duo Verified Push, Time-Based One-Time Password (TOTP) codes, and the Self-Service Device Management (SSDM) portal. What’s Changing? Verified Push will ask you to enter a 3-digit code during the login process. […]
Job Scam - Ontario Universities Students Jobs Placement 2024 Fall Semester
We have identified another targeted phishing email with the subject line "Ontario Universities Students Jobs Placement 2024 Fall Semester". The email includes a PDF attachment and asks recipients to contact hr@careers-opinionoutpost.com. Do not respond, open the PDF, or engage with the email. This is a scam aimed at financially defraud you. If you have already […]
Passport York password complexity requirements update
Passport York uses a password strength estimator to ensure that users set strong, difficult to crack passwords for their account. This is done in order to increase the security of their various accounts at the University. The estimator analyzes passwords and assigns them a score based on their complexity. We have increased the score required […]
Upcoming Change to Duo 2FA Prompt
As part of planned updates to York’s Duo 2FA service, the Duo login prompt will change to a refreshed and modernized look that is better optimized for desktop and mobile experiences - known as the Duo Universal Prompt. There are no functionality changes to Duo and the service will continue to be part of your […]
