Phish: UofT IMPORTANT NOTICE: Verification Needed

Published: August 26, 2024

This phishing email attempts to steal personal information, login credentials and Duo passcodes by providing false information about the user’s U of T account being filed for deactivation.

When a scammer has acquired your account credentials, they can attempt to log in to your account by initiating multiple MFA notifications until you approve one of them. If you receive a Duo, UTORMFA or any other MFA notification that you did not initiate, do not approve the request. Report suspicious MFA notifications to security.response@utoronto.ca immediately.

Phish bowl

Email details

Subject:

UofT IMPORTANT NOTICE: Verification Needed

Your uoft account has been filed under the list of accounts set for deactivation due to retirement/graduation/freshers/full-time/part-time or transfer of the concerned account holder.

But the record shows you are still active in service and so advised to verify this request otherwise give us reason to deactivate your university account.

Please send the requested information below via EMAIL ONLY to *malicious link* to verify your uoft immediately to avoid deactivation and to book an appointment:

* Full Name:
* Cell Phone Number:
* Campus Email:
* JoinID/Username:
* Passw0rd:
* 6 digit duo passcode on your Duo Mobile (Kindly check your Duo Mobile)

NOTE: Please check your Duo Mobile and fill in the 6-digit passcode above correctly and always send the new code if you mistakenly or consciously used the code you sent, make sure you send the new Duo code immediately.

OR

Whenever you receive any DUO PUSH NOTIFICATION REQUEST sent to your duo mobile app after sending the information above, please accept it to proceed with your verification process, is that understood?.

Please note the one-time submission and entry only.

Send the requested information above, correctly, properly and accordingly.

Phishing cues

  • Poses as a trusted or legitimate source

    The sender poses as U of T to influence the recipient into taking action.

  • Requests for sensitive information

    The email asks for personal information and login credentials, a common tactic used in phishing emails.

  • Sense of urgency

    The email implies that the reader’s account may be deactivated if quick action isn’t taken. This sense of urgency encourages the reader to act under pressure without thinking.

  • Unprofessional design or formatting

    The email lacks typical professional formatting including a personalized greeting, legitimate signature and contact information.

  • Spelling and grammar mistakes

    The email contains spelling mistakes and grammatically incorrect sentences.

Report phishing icon

Report phishing

If you have received a suspicious email like this one, please report it to report.phishing@utoronto.ca and delete it immediately from your mailbox. Don’t click any links, download attachments, engage with the sender or share the email with your contacts. If you engaged with the sender, please contact security.response@utoronto.ca immediately.