Background
As part of Information Technology Services' (ITS) continued efforts to improve the security and general user experience of University of Toronto (U of T) email, ITS has rolled out new email safety tips to all community members' email accounts. This new security feature provides intelligent, unobtrusive and finetuned protection against cyberattacks.
Please note: This solution will replace the previous external email banner. The safety tips will only appear on emails in the scenarios described below.
Safety tips for all U of T community members
As of September 7, 2021, external emails will no longer display the external email banner. Instead, users will ONLY see safety tips at the tops of their emails in the following scenarios.
All U of T email users will see the following safety tips when:
- They receive an email from someone for the first time OR from someone who does not email them often:
- The From address contains the name of a defined person at the University who the email sender could potentially be impersonating:
Email safety tips for users enrolled in Secure U of T advanced threat protections
A smaller group of U of T email users who are enrolled in Secure U of T advanced threat protection (ATP) policies will see the above safety tips in addition to the following scenario-based safety tips. These include safety tips when:
- The From address contains the name of a defined person at the University who the email sender could potentially be impersonating.
- The From address contains a protected domain (e.g. @utoronto.ca) the email sender might be trying to impersonate (e.g. @utorronto.ca).
- The From address contains unusual character sets in a protected sender or domain. (e.g. J0HNsmith@UToronT0.ca).
A full list of the safety tips that users enrolled in ATP may see can be found in this knowledge base article.
Frequently asked questions
Will I see the external email banner in addition to these safety tips?
No, the external email banner has been retired. Instead, you will only see safety tips in the scenarios described above.
Will these safety tips disrupt my workflow?
Most users find these security features integrate into their workflows seamlessly. When a safety tip is displayed in an email, it will take up preview space, but as the system learns, it will trigger these warnings less often.
If I get a malicious email, who should I report it to?
If you get a malicious email, we ask that you report it to Information Security by forwarding the email to report.phishing@utoronto.ca.
Does Microsoft read my emails?
Microsoft uses machine learning to scan your emails for malicious content, but no person will ever view them.