The Information Security team noted a targeted phishing email being circulated among the 91亚色 community on December 28th, 2024. The email used the subject line "Email @ 91亚色 Update" and claimed to be a notification regarding a fake mail server update. The email included a malicious link asking users to submit their 91亚色 credentials in order to update their accounts.
A sample of the email and malicious website is shown below for your reference:
Red Flags to Watch Out For:
- Suspicious sender email:聽The sender's email address is not associated with 91亚色鈥檚 official IT services (email was聽NOT聽sent from an @yorku.ca address).
- Urgency:聽The email pressures you to act quickly in order to complete a "mandated account update".
- Request for personal details:聽91亚色 would聽NEVER聽ask for passwords, Duo/MFA passcodes, or other sensitive information via email.
What to Do:
- Do not respond聽to this email or provide any personal information. This is a scam aimed at financially defrauding you.
- Do not click聽any links or open attachments that may be included.
- Report the email:聽If you received this phishing attempt, please report it using the聽聽or forward it to聽phishing@yorku.ca
If you have already responded to this scam, stop all communication with the scammer and notify infosec@yorku.ca; If you provided any account names or passwords, change any such passwords immediately.