Secure U of T anti-phishing protection provides features to protect you from spoofing and impersonation threats.
Spoofing is when the From address in an email message (the sender address that's shown in email clients) doesn't match the domain that the email was sent from.
Impersonation is where the sender or the sender's email domain in a message looks similar to a legitimate sender or domain. The intent is to deceive recipients.
Please review this knowledge article to understand:
If you are unfamiliar with phishing and what it is, please review this online resource.
Advanced anti-phishing policies add an additional layer of security to your University of Toronto email account. These policies use machine learning models to identify and protect you from phishing attempts by notifying you when an email you receive seems suspicious.
Current features include:
Anti-phishing protection will alert you to possible phishing attempts by displaying safety tips in the body of suspicious emails that you receive. This will help you to determine if you should not trust the sender of an email.
There are different safety tips that could be displayed on suspicious emails that you receive. The tip that is displayed will depend on the nature of the suspicious email. You will see a safety tip when:
Identified impersonation emails (where the From address contains the name of someone at the University who the email sender could potentially be impersonating) will be automatically moved to your Junk Email folder.
If you receive a suspicious email, do not open it. Report it immediately.
There are two ways you can manually report suspected phishing emails to U of T.
Learn more about how to report suspected phishing emails.
Currently, all emails identified as spoofing messages (where the From address in an email message doesn't match the domain of the email source) by Microsoft will automatically go to your Junk Email folder.
Anti-impersonation emails (where the sender or the sender's email domain in a message looks similar to a real sender or domain) are not currently automatically sent to Junk Email. However, these emails could still sometimes end up in your Junk Email folder for other reasons.
If you get a suspicious email, we ask that you report it to Information Security using the ‘Report Message’ add-in button in Microsoft Outlook or by forwarding the email to report.phishing@utoronto.ca.
If you receive an email that you believe has been incorrectly marked as suspicious, please submit a ticket to the Enterprise Service Center at uoft.me/m365help. Our Microsoft 365 team can mark the email so that it is no longer deemed malicious.
Microsoft uses machine learning to scan your emails for malicious content, but no person will ever view them.
To learn more about phishing emails and how to spot them, please review this online resource from the Government of Canada.
You can also learn more about information security and phishing at the University of Toronto from Information Security’s Phishing 101 webpage.