University of Toronto Logo

Information + Technology Services

Small normal big

Phishing attacks targeting administration on the rise

On Nov. 16, University of Toronto (U of T) staff reported suspicious emails sent from accounts belonging to University administrators. The emails contained a request for recipients to purchase gift cards with their personal credit card with reimbursement promised in the near future.

The emails were “spoofed” – meaning the display name and domain URL were disguised to appear to originate from a senior executive at the University. This year, there has been a noticeable increase in these types of phishing attacks. To avoid falling victim to these types of cyber crimes, always follow up in person or by phone in regard to a request that is unexpected, urgent and/or atypical of your day-to-day interactions.

Examples of similar phishing attacks at the University include emails from:

  • A company named Xero asking for invoice payment.
  • Netflix warning that account information needs to be updated or service will be limited.
  • Someone you know asking you to quickly purchase iTunes gift cards.
  • Someone you don’t know making an Interac transfer to your bank account.

You can view a collection of reported phishes by visiting the Security Matter’s Phish Bowl.

To report a suspicious email or phishing attack, contact

For more tips on how to stay safe online at work visit our Security Matters blog and check out our tip sheets.