One of the ways bad actors amplify their perceived credibility is by leveraging public-facing information. They use widely consumed news or information to prey on the average person’s fears, allowing them to pose as a helpful resource, only to steal people’s personal information. A recent example of this is how stories about past data breaches involving companies like Google, Apple and Facebook have resurfaced and have consumers worried about their data safety. As a result, scammers are using the media attention to make their phishing messages seem more convincing by posing as technical support on behalf of these companies.

Cybercriminals often use this tactic of taking advantage of confusion or fear to trick people into clicking links or providing login information. These scams may urge you to reset your password or log in to fix a fake security issue. Don’t fall for it. These companies will never contact you directly to ask for credentials.

You can see examples of recent phishing attempts targeting U of T accounts in the Phish Bowl.

Here are some other red flags to look out for in your email inbox:

If you receive an unexpected message asking you to verify your account or click a link:

• Don’t click on any links or download attachments
• Don’t reply with any personal information
• Report the email using U of T’s Report Phishing button in Outlook
• If you’re not using Outlook, forward suspicious emails to report.phishing@utoronto.ca and then delete it from your inbox

To see if your email has ever been exposed in a known breach, you can use haveibeenpwned.com. This free tool checks whether your email address appears in publicly reported data leaks.

Regardless of what you find, here are essential steps to protect your accounts:

• Use long, unique passphrases for every account
• Enable multi-factor authentication (MFA) wherever possible
• Store your passwords using a secure password manager — U of T students, staff and faculty can set up a 1Password account for free

Passkeys are a newer, more secure alternative to passwords. Supported by many major platforms, passkeys protect your account with built-in device authentication and resist phishing attacks. They take a bit of setup but are worth the effort.

The University of Toronto has not been affected by the data breaches mentioned above, but it’s a good reminder to stay vigilant. Visit the Information Security website for more tips, tools and guidance on protecting your digital life.