Phishing attacks are emails which attempt to trick you into clicking malicious links, interacting with malware, or sending your account credentials to bad actors. The University of Toronto employs advanced threat protections to prevent malicious emails from reaching your inbox; however, phishing attacks can occasionally evade these safeguards.
If you receive a suspicious-looking email, report it immediately. Reported emails are sent to Information Security’s incident response team for investigation and are automatically removed from your U of T inbox. When reporting an email, you can provide additional information to help keep the university safe.
There are two methods for reporting phishing emails at U of T:
If you receive a suspicious email in your University of Toronto inbox, follow these steps:
If you cannot access the Report Phishing button, forward the email to report.phishing@utoronto.ca, then delete it from your inbox.
If you interacted with the sender, clicked on a link, or opened an attachment, contact security.response@utoronto.ca immediately.
The Report Phishing button icon is an open blue envelope with a red warning symbol.
When viewing an email, the Report Phishing button appears in two locations:
When viewing an email, select the three-dot (More actions) menu in the toolbar to access the Report Phishing button.
When viewing an email, select the three-dot (More actions) menu in the upper-right corner, then scroll to the bottom of the menu to find the Report Phishing button.