Phishing emails containing a QR code with subject line "Salary Increase, Dividend, Compensation Raise, Insurance Plans and Benefit Package Update" were reported. Illustration 1 Illustration 2 The emails are fraudulent and do NOT scan the image. If you scanned the QR code and provided your credentials, this may have allowed hackers to access […]
Advisories & Alerts
Job Scam Alert - Open Job Position
Please note that York will NEVER request for passwords, Duo passcodes or other personal information via email or Google Form. Below is the latest job scam email that was sent to various mailboxes. The Information Security team has taken action to remove the fraudulent messages. If you receive similar messages, please report it immediately […]
Phish Alert - "York University: Application Form" OR "York University: All Students Should Apply Immediately"
Scammers continue to use compromised YorkU accounts to send job scams to the community. Phone number +1 (215) 828-9264 is the scammer's number Please note that York will NEVER request for passwords, Duo passcodes or other personal information via email or Google Form. If you texted the requested information to +1 (215) 828-9264, do NOT […]
Phish Alert: York University Application Form
Scammers are using compromised accounts to send emails with fake job posting looking for Personal Assistant. Please note that York will NEVER request for passwords, Duo passcodes or other personal information via email or Google Form. If you texted the requested information to +1 (215) 828-9264, do NOT accept the DUO PUSH, change your PY […]
Job Scam Alert - VIRTUAL PERSONAL ASSITANT/ASSISTANT JOB (REMOTE)
Several waves of phishing emails promoting "money mule" scams leveraging compromised York University users' accounts have been detected. These emails claim to offer recipients a well-paying remote job with no requirements and link to a Google form that requests personal information. The "job" in question is a money mule scheme whereby victims are told to […]
Phishing Alert - York University: Duo Security Appointment Form
A confirmed phish email with the subject line "York University: Duo Security Appointment Form" was reported. York will NEVER ask the user community to provide their password OR call you to verify your MFA. If you texted the requested information to +1 (215) 828-9264, do NOT accept the DUO PUSH, change your PY password immediately […]
Job Scam Alert - "YorkU Personal Assistant" OR "Remote Personal Assistant" OR "Virtual Assistant Needed" OR "PA - Team Assistant"
Scammers are using compromised YorkU accounts to send fake job scam offering $550 or $650 USD weekly as a "YorkU Personal Assistant" OR "Remote Personal Assistant" OR "Virtual Assistant Needed" OR "PA - Team Assistant". Following through with the fraudulent employment offer will result in compromised of personal information and potential financial loss. An illustration […]
Phish Alert - Important Message for All Staffs and Students
Scammer compromised a YorkU email account and sent over 9900 phishing emails. Following through with the fraudulent link attached in email will result in compromise of personal information and potential financial loss. The Information Security team has taken action to remove the fraudulent messages. If you receive similar messages, please report […]
Advisory Notice - Microsoft Office Remote Code Execution Vulnerability (CVE-2023-36884)
Microsoft recently disclosed a zero-day vulnerability (CVE-2023-36884) which is currently being exploited in the wild. Attackers are coercing users via social engineering phishing techniques into opening a specially-crafted Microsoft Office document that could result in remote code execution. Even though Microsoft Defender for O365 provides protection against attachments designed to exploit CVE-2023-36884, we ask the […]
Job Scam Alert - Dog Sitter
Scammers are using compromised YorkU accounts to send fake job scam offering a weekly payment of $400 to take care of dogs. Following through with the fraudulent employment offer will result in compromised of personal information and potential financial loss. The Information Security team has taken action to remove the fraudulent messages. If you receive […]
