Privacy and information security for the York community are of paramount importance. With the recent move to online courses via the Zoom video conferencing service, some privacy and cybersecurity concerns have been raised by the campus community. This article addresses some of these concerns and provides guidance to help protect their privacy and the privacy […]
Advisories & Alerts
Advisory Security Notice: Defending Against COVID-19 Cyber Scams
Please remain vigilant for cybersecurity scams related to Coronavirus Disease 2019 (COVID-19). Cyber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Do not install Android or Apple related software with COVID-19 Heat Map Patient Tracking or go […]
Advisory Security Notice: Fraud targeting Covid-19 researchers
We have been advised by the Canadian Centre for Cyber Security (CCCS) of an active, sophisticated cyber campaign targeting COVID-19 researchers. The campaign begins with phishing email and includes the use of ransomware that could hinder research activity. The CCCS are asking researchers, especially those working on COVID-19 related research, to exercise elevated levels of […]
Phish Alert - virus detected (5)
A fraudulent email with the subject "<username> virus detected (5)" has been sent to York University email accounts. The email states that the user's Norton Antivirus Protection has expired, and their PC may be vulnerable to viruses and other threats. It urges the user to click on a link to Renew_Subscription. The link redirects users […]
Information Security Notice: “UNICEF internship program offer” Phishing
A large number of phishing emails were sent to York email accounts, part of a known scam advertising a fake job opportunity i.e. UNICEF internship program. The emails are fraudulent and intended to trick recipients into providing personal information such as a personal (non-YorkU) email address and a phone number. At that point additional correspondence […]
Phish Alert - Urgent review / urgent attention
A fraudulent email from a spoofed YorkU email address was sent to various members of the community. It states that an Adobe Remittance has been shared and tells the user to "View Remittance". The "View Remittance" link in the email re-directs users to an external site that is malicious. The email can safely be […]
Phish Alert - Alerte
Various York University community members have received a phishing email which appears to be coming from the recipient themselves. The email is written in French, and states that the user's account has been compromised. The attacker claims to have explicit videos of the user and demands €1200 (euro) in bitcoin to prevent this footage from […]
Phish Alert - Your.Antivirus.Has.Expired⚠️Your computer is infected⛔️
Various members of the YorkU community have received a fake email with the subject "<username>Your.Antivirus.Has.Expired⚠️Your computer is infected⛔️" The email states that the user's Norton Security subscription has expired and urges them to renew their subscription. The link in the email re-directed users to an external site that is malicious. The email can safely be […]
Two-Factor authentication (2FA) enrollments to begin week of February 8, 2021
We are pleased to advise that enrollment of Duo, two-factor authentication will begin week of February 8, starting with activation of those with surname beginning with ‘A’, and proceeding alphabetically until all community members have been enrolled. We expect to complete the process by the end of April 2021. Once your account is activated, you will […]
Phish Alert - Receive your files sent via WeTransfer before it expires.
A fake email from a YorkU email address was sent to various members of the community. It urges the user to receive their files using WeTransfer before it expires. The link in the email re-directed users to an external site that is malicious. The email can safely be deleted. If you clicked on the […]
Phish Alert - BUSY
Various York email users have received a spoofed phishing message with the subject of the email 'BUSY'. Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. In the email, the sender is disguising themselves as a member of the York University community and want the user to […]
Phish Alert - Inbox Full Notification
Members of the YorkU community received a fake email with the subject line: ‘[Specific date & time] Inbox Full Notification on yorku.ca Mail service’. This is a known tactic of malicious actors to incite a sense of worry in a user and get them to click on a malicious link. The email can safely be […]
Phish Alert - 20 January, 2021
A phishing email with the subject line “20 January, 2021” was sent to various York mailboxes. The email notified the user they ‘Received New Docs’ and was masqueraded to look like it was a Microsoft document sent from a YorkU email. The link in the email re-directed users to an external site that is malicious. […]