Protect Your UTORid from Phishing
As the Fall 2025 semester at OISE approaches, Education Commons has observed a rise in phishing emails targeting the OISE community. These messages often appear to come from university-affiliated sources, including compromised @utoronto.ca email addresses. They typically request excessive personal information, such as details you provided when you were hired or first enrolled at the University of Toronto, or ask for your UTORid login credentials and password without the use of multifactor authentication/the DUO login screen.
IMPORTANT: No department or individual at the University of Toronto or within OISE will ever ask for your UTORid password. If someone requests access to your UTORid account, please report the incident to oise.help@utoronto.ca immediately. Your UTORid password is private and must never be shared. It is intended solely for use by the individual to whom it is assigned.
Warning Signs of Phishing
When you are receiving emails from unknown or unanticipated senders, please stay vigilant and watch for the following warning signs:
- Unfamiliar tone or greeting
- Unrecognized sender or email address
- If the sender uses a @utoronto.ca address, ask yourself:
- Do they actually work in the department they claim to represent? Use and the as resources to validate senders/inconsistent job titles. The will require a login to view full resources/listings.
- Is the information they’re requesting something this individual would legitimately need?
- Were you expecting an email from this person?
- Have you consulted Education Commons about this request?
- If the sender uses a @utoronto.ca address, ask yourself:
- Urgency to act immediately or within a short timeframe
- Spelling or grammar errors
- Offers that seem too good to be true
- Attachments or embedded URLs. Especially those requiring passwords to access or view, and requiring sensitive information such as contact info, address, bank account details, SIN, etc.
Take Action & Stop Phishing
If you're unsure about any email, do not feel pressured to respond or act immediately. Instead, take a moment to pause and follow these steps:
1. Do not click, respond, or open any of the links within a received phishing email.
2. Report/forward the suspicious email to oise.help@utoronto.ca.
Or report the email using the UofT Report Phishing button located within Outlook.
3. Join the . (Monday-Friday: 11:00 am - 3:00 pm EST)
Connect one-on-one with an Education Commons expert on Zoom.
4. Complete your assigned .
Staying vigilant and understanding phishing will help with your awareness.
Phishing is a global issue that affects individuals across all sectors and regions. The most effective way to prevent it is through community awareness.
At Education Commons, we’re committed to helping you recognize and stop phishing attempts. If you ever receive a suspicious email or have questions about digital security, please don’t hesitate to contact us. We’re here to support the OISE Community.
