You are using an unsupported browser. For best results please use the latest versions of Chrome, Edge, Firefox or Safari.

Phishing alert – CRA scam targets university communities

Published on: January 27, 2020

The Information Security team at the University of Toronto (U of T) is warning students, staff and faculty to be wary of a current email scam circulating from what appears to be the Canada Revenue Agency (CRA).

The CRA scam is targeting students, faculty and staff at universities across the country. It states that a tax credit is owing to the recipient and requests a response in order to receive the refund.

Given that we are in the midst of tax season, more of this type of activity may appear in the coming weeks and months, warns Isaac Straley, U of T’s chief information security officer. “While the Information Security team and your local IT are working together to reduce the amount of scam emails you receive, it’s recommended that everyone remain vigilant when dealing with electronic communications,” said Straley.

If you are concerned that you may have shared your personal information (e.g., social insurance number (SIN) or credit card number) with a scammer, the CRA advises you contact the police. If your SIN has been stolen, you should also contact Service Canada at 1-800-206-7218 and/or visit the website for more information.

If you are concerned that you have shared banking information, please contact your bank.

What to do if you suspect a phishing attempt/attack…

    • If you suspect your password may have been compromised, immediately change it.
    • If you receive a phishing message(s) and are using U of T Office 365/UTMail+, please report it using the “report message” function in your inbox. Otherwise, please report it to: report.phishing@utoronto.ca.
    • When in doubt about the legitimacy of an email, call or ask the sender in person to confirm if they sent the email.
    • If you opened an attachment that was sent in a phishing email, reach out to your local IT service desk immediately.