A targeted phishing message was sent to many York U email accounts on Friday morning. The message is fraudulent and should be deleted. The website it directs you to is designed to look like the York mymail service in order to steal your York credentials.
Details of the fraudulent message are below:
Subject: [Urgent Issue]
We have been trying to contact you all morning concerning your YORKU Email (firstname.lastname@example.org ).
Some of your profile details needs to be upgraded to enhance adequate security
We have however been having issues upgrading your email due to one or more errors.
To prevent your Email from getting suspended, you are required to verify your account.
[Verify email@example.com] – link to fraudulent web site
The YORKU Mail team
To help prevent phishing attacks and related fraud, keep in mind the following tips:
1. Always be suspicious of emails requesting sensitive information.
2. Do NOT click links or open attachments in unsolicited email from individuals or groups you do not recognize.
3. For familiar contacts or expected messages, examine the “From” field of email messages to verify the sending address is correct. Be wary of different spellings of the sending email address that could indicate fraud.
4. For links within email messages, use the “hover over” technique to validate the actual location it will send you to – move the mouse pointer over a link, without clicking, and wait a moment. Most email programs will show the web location the link will take you to. If it does not match what you expect, that could indicate fraud.
For more details or tips, take the short cyber security online training available to all York University staff, faculty and students, located at: https://moodle.yorku.ca/moodle/course/view.php?id=101093.
Other recommended resources:
York’s Information Security blog: http://infosec.news.yorku.ca/
Information Security Twitter (@YorkU_Infosec) and Facebook page (https://www.facebook.com/yorku.infosec/)