Campus accounts are the target of ongoing fraudulent e-mail attacks

A phishing message – a fraudulent message that attempts to make you log in or send log-in information –was sent recently to York e-mail accounts and appeared to come from a valid University address – York’s University Information Technology (UIT) advises all community members who may have received this message not to reply to it. UIT has taken steps to mitigate the situation.

York University (along with most other educational institutions worldwide) continues to be the target of fraudulent e-mails. These messages pose as University e-mail or helpdesk administrators and ask for name and password information. You may also notice similar fraudulent messages posing as missives from popular online services such as eBay, PayPal, Canada Revenue Agency officials and financial institutions.

Legitimate University notifications will never ask for your password or personal information.

If you receive such a message, do not reply – just delete the message.

If you have provided your password to such a requester, you should change your password immediately and notify UIT Client Services so it can verify your account has not been subject to unauthorized access and abuse.

A small number of people have responded to these messages, which has resulted in their e-mail accounts being taken over and used to send spam e-mail. While UIT works to quickly disable these compromised accounts, sometimes enough spam e-mail is sent that some commercial e-mail services will temporarily “block” e-mail from York University. UIT staff do their best to prevent and mitigate these situations, however they have no control over waiting periods that external e-mail services impose before lifting blocks.

For more information, contact UIT Client Services at 416-736-5800 or