Privacy and information security for the York community are of paramount importance. With the recent move to online courses via the Zoom video conferencing service, some privacy and cybersecurity concerns have been raised by the campus community. This article addresses some of these concerns and provides guidance to help protect their privacy and the privacy […]
Please remain vigilant for cybersecurity scams related to Coronavirus Disease 2019 (COVID-19). Cyber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Do not install Android or Apple related software with COVID-19 Heat Map Patient Tracking or go […]
We have been advised by the Canadian Centre for Cyber Security (CCCS) of an active, sophisticated cyber campaign targeting COVID-19 researchers. The campaign begins with phishing email and includes the use of ransomware that could hinder research activity. The CCCS are asking researchers, especially those working on COVID-19 related research, to exercise elevated levels of […]
A large number of phishing messages were sent to York email accounts, part of a known scam advertising a fake “job opportunity”. The messages are fraudulent and intended to trick recipients into providing personal information, including personal (non-York) email address, and cellphone number. At that point additional correspondence to gather more personal information would follow, […]
A known scam advertising a fake “job opportunity” was sent to York email accounts today. The messages are fraudulent and intended to trick recipients into providing personal information, including personal (non-York) email address, and cellphone number. If you replied to the malicious email, please ignore any future communication related to this phishing email. If you provided your username and password, please […]
A phish email with the subject line "Warning" was sent to various York mailboxes. The link in the email re-directed users to an external site that is malicious. If you clicked on the link and provided your credentials, please change your password immediately and contact email@example.com
A phishing campaign is being launched against York University which aims to target the emotions of users receiving the item. The item states that the users account has been compromised and that the user should pay $950 USD in bitcoin to the attacker to stop them from sharing files, personal information etc. This is a classic […]
A fake email from Microsoft was sent to various members of the community. The email can safely be deleted. If you've responded to the phish email, please change your password immediately and contact firstname.lastname@example.org
Many York email users have received a targeted phishing message directing you to a login page that is a close forgery of the Passport York login site. The message is fraudulent and should be deleted. The subject of the email is "New payroll message". If you provided your credentials, please consider them as compromised and you should […]
Following up on the Advisory Security Notice on Fraud Targeting Covid-19 Researchers, the Canadian Centre for Cyber Security (CCCS) are reminding COVID-19 researchers to remain vigilant and to stay alert to potential threats affecting their research. The CCCS has provided additional Cyber security guidance. Cyber Security Advice and Guidance for Research and Development Organizations During […]
Members of the YorkU community received a phish email with the subject line: "Your email password has expired." If you see it in your inbox, please delete.
Zoom has released version 5.1.3 to address a critical vulnerability. If you have the Zoom client installed on a windows 7 system, please update as soon as possible. Click here to manually download the latest client version.
The York community reported a phish scam with the subject line "Copy of June Bonus 22JUN2020.xlsx". Clicking on the green Open bar redirects users to an external site designed to steal your PY credentials. If you see it in your inbox, please delete.