Student malware incident: next steps and action required
On Saturday Feb. 23, many students received a malicious email regarding a ‘refund payment’. The email contains an attachment which, if opened, causes a prompt for credentials and installs software. Please read further if you recognize this incident:
- If you have received the email and not opened the attachment, delete the email.
- If you have received the email, opened the attachment, and entered any login and password:
- You must change your password immediately for whichever service you may have used. If you entered a UTORid and password, change it here: https://www.utorid.utoronto.ca/cgi-bin/utorid/changepw.pl.
- Malware may have been installed on your device as a result of opening the attachment. The best way to ensure your device is not compromised is to re-install your operating system and restore data using a backup. If you do not follow this procedure, we recommend you scan your device using anti-virus software for the next few days. If your anti-virus software removes the malware, you should change all passwords that you used during the compromise interval. Please monitor: https://securitymatters.utoronto.ca for updates on anti-virus effectiveness.
The malicious email was removed from your mailbox using automated tools. No mailboxes were accessed, and no email was exposed via this automated process.