September BEC phish alert
September 20th 2018
On September 18, 2018, a phishing email was sent to University of Toronto (U of T) employees from what appeared to be a senior U of T official. The message asked readers to respond quickly to a request.
This type of deceptive email is called business executive compromise (BEC). A BEC phish is a form of phishing where a cyber criminal impersonates an executive in an attempt to get another employee to send sensitive information and transfer funds from gift cards or e-currencies. If you receive an email like this, please forward it to: firstname.lastname@example.org.
Follow these tips and best practices for avoiding spear-phishing attacks:
- Check the actual email address attached to the anchor text or display name by hovering over the link with your cursor. Look out for domains that do not have the “@utoronto.ca” handle.
- Do not reply or forward these emails to other colleagues or anyone else as it will open touchpoints for fraudulent activities and further threats to information security.
- Do not use non U of T emails for work-related activities. When in doubt, contact the person through phone or in-person to confirm who sent the email.
Read more about this particular BEC attack.
Learn more about a similar incident in August.
Learn more about how to protect yourself against phishing.