Information Technology Services (ITS)

10 Tips to Avoid A Phishing Attack

Published on: April 10, 2013

Phishing is a general term for e-mails, text messages and websites fabricated and sent by spammers, hackers and criminals, designed to look like they come from well-known and trusted businesses, financial institutions, government agencies and IT support groups in an attempt to collect personal, financial, login and other sensitive information.

Please do not reply to these emails, complete requests for information on linked webpages,  or provide any information to the sender.
No IT service or support organization at the University of Toronto will ask you via email for your username and password.


Visit the ITS Facebook photo album with examples of classic phishing e-mails!

Tip #1:
Be suspicious of any e-mail with urgent requests for personal information.  At UofT, should something be urgent, you will be notified in person or by phone.

Tip #2:
Phishing attempts often state that your account may be suspended if you don’t take action. Before doing so, always check independently with a trusted IT contact.

Tip #3:
Typically, phishing e-mails will include upsetting or exciting statements to prompt immediate reaction.

Tip #4:
Spot a scam by looking for common spelling mistakes like “Utor ID” or poor grammar and sentence structure.

Tip #5:
Check the websites you are using for HTTPS, green URL bars or a padlock symbol . This means the website is secure.

Tip #6:
If you think you’ve received a phishing scam, use your mouse to hover over the links provided in the email, and the real link will reveal.  You will notice that the link is different than stated or implied.

Tip #7:
Don’t be fooled by official looking logos and websites. Use your bookmarks or type the web address directly into your browser.

Tip #8:
A request to renew your password is a phishing scam. UofT does not notify users of their password expiry dates via e-mail.

Tip #9:
Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.

Tip #10:
Make your password challenging and change it on regular basis to protect your account.

If you are ever in doubt or would like to report a suspicious e-mail, please don’t hesitate to contact your local IT support team.

For Help, contact:

Info Commons Help Desk
416-978-HELP (4357)


Your local IT Support Team