Phish: Fraudulent awards payment attempt

Published: April 25, 2025

This phishing attempt falsely promotes a U of T-sanctioned “Spring 2025 Student Bonus”, promising students a financial reward between $1,000 and $10,000. The email requests personal information, such as full name, phone number, student ID and an alternative email address to claim the supposed bonus.

In this scam, the sender eventually asks for the recipient’s bank details under the pretense of depositing a cheque for the maximum award amount. They later claim there was an overpayment and request a partial refund via e-transfer. Since the original cheque is fraudulent and will not clear, the recipient ultimately loses the money they send back. This is a classic overpayment scam.

Email details

Subject:

Congratulations as a Dedicated Student of the Season at the University of Toronto

University of Toronto
SPRING 2025 STUDENT BONUS ANNOUNCEMENT

Dear Valued Student,

We are pleased to inform you that, as a currently enrolled student at the University of Toronto, you may be eligible for the Spring 2025 Bonus. This initiative is governed by the University’s policies and regulations, specifically the Student Financial Aid and Awards policy (UT Policy #123).

Eligibility Criteria
To qualify, you must:

– Be a currently enrolled student at the University of Toronto
– Have actively used University of Calgary digital platforms, such as Microsoft account, ACORN, UTORid, and Quercus platforms during the academic year. Your participation and engagement have contributed significantly to our community, and we are grateful for your dedication.

How to Claim Your Bonus

To claim your Summer Bonus, please use the alternative email address you provided. We recommend regularly checking and refreshing this email account to ensure timely receipt of future communications from our office.

This will help facilitate a smooth process for any further updates or notifications:

Full Name
Phone Number
Student ID
Alternative email address

Please respond to this email with the required information by May 30, 2025. Only students who received this email are eligible for the bonus, and claims will be processed on a first-come, first-served basis.

Terms and Conditions
– The Summer 2025 Student Bonus is a one-time payment of $1,000-$10,000
– Only students who received this email are eligible for the bonus
– Claims will be processed on a first-come, first-served basis
– The University of Toronto reserves the right to verify eligibility and claim information

If you have any questions or concerns, please don’t hesitate to reach out to us.

Sincerely,
Deyves Fonseca
Acting Chief Information Security Officer
Information Security
University of Toronto

Angelique Saweczko
University Registrar
University of Toronto

Phishing cues

  • Generic greeting

    The email does not address the recipient by name.

  • Requests for sensitive information

    It asks for personal details, a common phishing tactic.

  • Impersonation of a trusted source

    The sender falsely claims to be U of T senior leadership staff and uses the University logo. These emails often originate from compromised student accounts, identifiable by the sender domain @mail.utoronto.ca. Official U of T notices are not sent from student accounts, making such emails a red flag. Contextually, one should not expect to receive official U of T notices sent through student accounts.

  • Sense of urgency

    The message pressures recipients to act quickly by setting a deadline and claiming that “claims will be processed on a first-come, first-served basis.”

  • Inconsistent with legitimate University practices

    Genuine U of T awards are listed in Award Explorer and automatically applied to student accounts — no personal details are required via email.

  • Too good to be true

    The offer of a $1,000 – $10,000 bonus for an unspecified accomplishment is unusually high and unrealistic, a red flag for potential scams.

  • Incorrect or inconsistent details

    The email mentions that the opportunity is available to students who have used University of Calgary digital platforms while its target groups are the students from the University of Toronto, which raises questions about its authenticity.

Icon for report phishing

Report phishing

If you receive a suspicious email, do not open attachments or click on links. Report phishing attempts to security.response@utoronto.ca.

More phishing examples

Phish: Fraudulent overpayment attempt

March 31, 2025

Phish: Get Ready to Take Your Research to the Next Level

March 6, 2025

Phish: You have been sent new employee benefits/salary

March 6, 2025