91��ɫ

The Information Security team has identified a fraudulent website impersonating 91��ɫ that is actively attempting to harvest community members' login credentials. This malicious site closely mimics the appearance of official 91��ɫ web properties and may be encountered when users attempt to access University services through search engines.

The impersonation site is NOT affiliated with 91��ɫ and should be considered malicious. Do NOT enter your username, credentials, Duo 2FA codes, or any other personal information on this site as this may result in unauthorized access to your accounts.

The fraudulent site uses the URL <www.yorkuonline.com>, an image is shown below for reference:

Red Flags to Watch Out For

Unsolicited messages directing you to log in:
Messages claiming your account will be disabled, your mailbox is full, or your access is expiring are common tactics used to lure users to fake login pages.

Suspicious URL:
Official 91��ɫ login pages always use domains ending in yorku.ca. Any variation such as extra characters, misspellings, unfamiliar subdomains should be treated as suspicious.

Unexpected login prompts:
If you are asked to “verify your account”, “update your credentials” or “restore access” after clicking a link you did not expect, this is a strong indicator of a phishing attempt.

Requests for Duo/MFA passcodes:
91��ɫ will never ask you to enter Duo 2FA codes outside of the official login process. Any site requesting your passcode directly should be considered malicious.

If you encounter any emails or messages directing you to this site, please report it using the Report Phishing button or forward the message to phishing@yorku.ca.

If you have already entered your credentials into the malicious site, change your password immediately by visiting . If you have any questions or concerns, please contact infosec@yorku.ca.