There is an ongoing phishing campaign targeting students at York University as well as other Canadian universities with a fake research job promising good money for very little effort. These phishing emails use a technique called “spoofing” to appear as though emails were sent by a York University professor- even though they were NOT- in […]
Advisories & Alerts
Phishing Alert - McAfee Software Renewal Scams
A common type of phishing email observed by the Information Security team at York University is a fake McAfee software renewal invoice. Such emails fraudulently state that the recipient’s subscription to a premium software- oftentimes a McAfee security product- has automatically renewed and the recipient has been charged. A sample of this type of phishing […]
Phishing Alert - *Job Scam* Executive Personal Assistant
Please be on the lookout for a phishing scam that targets the York community with offers of a fictitious job opportunity as an Executive Personal Assistant. Below is a screenshot of the email and the application form. Following through […]
Phish Alert - New mail from the Canada Revenue Agency
Certain organizations are often impersonated by cyber threat actors to steal users’ personal or financial information, and the Canada Revenue Agency (CRA) is a prime example. Please be advised that a recent phishing campaign targeted many York U users with an email claiming to be from the CRA offering money under the pretense of a […]
Phish Alert - Salary increase letter
Please be advised that a recent phishing message targeted a large number of York users with a fake salary increase notice letter. The “letter” is a PDF attachment that contains a link to a fake York login designed to steal passwords. The attachment itself has been password protected by the sender to try and avoid […]
Phish Alert - Re: Your messages were not sent_2625
A phish email with subject line "Re: Your messages were not sent_2625" was reported. Clicking on the link will redirect users to a fraudulent site http://fms6o.u1dqy.gelatikphoto.com.///?QQQ#.cHJpbmNlbndAeW9ya3UuY2E= If you clicked on the link and provided your credentials, please consider your account as compromised, and notify us […]
Phish Alert - www.yorku.ca // YourUsername@yorku.ca
A confirmed phish email with the subject line "www.yorku.ca // YourUsername@yorku.ca" was reported. The sender's email address was spoofed. Clicking on Review / Keep Current Password will redirect users to a fraudulent site http://yorku.caiz3gyuv2ldk9gpjabwia-iz3gyuv2ldk9gpjabwia. bakkasund.com/psswrd.php#Y3Jvb2tzZEB5b3JrdS5jYQ== If you clicked on the link and […]
Upcoming Changes to the Phish Reporter Button
As of August 2nd, UIT is making changes to the current “Report Phishing” button in Outlook. Users will see the existing button with the “fish” icon be replaced by a new version that is integrated with new Microsoft email protection technologies. The new button has a different icon but works similarly and provides more immediate […]
Phish Alert - Yorku (2) new private documents
A confirmed phish email, sent from a spoofed York email address with the subject line "Yorku (2) new private documents" was reported. Clicking on the link will "Preview & Download It Now::" redirect users to an external site: https://vcbeorigv8h-e30pr8ighvp-0eh8irpg8h-0evrfg[.]obs[.]ap-southeast-3.myhuaweicloud[.]com/fcnbhweo4igvf8h-3wr4e8higvb-piewhrb80vhier-pbivetrb[.]html?AWSAccessKeyId=BIYYVE07OMDKEILTTF0R&Expires=1657387715&Signature=sMdOTQRWRifE2QcDc4LSu/E1XIQ%3D#username@yorku.ca If you clicked on the link and provided your credentials, please consider your account as compromised, and notify […]
Phish Alert - N:6/722: Your attention is needed
A confirmed phish email sent from a spoofed York email address, with subject line "N:6/722: Your attention is needed" was reported. Clicking on the link "Update Now" will redirect users to an external site: https://www[.]sekur[.]aero/wp-content/uploads/2022/06/8nugh/?i=i&0=username@yorku.ca If you clicked on the link and provided your credentials, please consider your account as compromised. Change your password immediately […]
