The Information Security team has identified a targeted phishing email sent on January 5, 2026 (today) that is being circulated among the York University community. The email used the subject line equal or similar to "Winter 2026 Term Commencement – Important Information" and falsely advertises monetary compensation in the form of a "Student Engagement Bonus" […]
The React team released a security advisory regarding a critical vulnerability, CVE-2025-55182, in the React server that could allow an unauthenticated, remote attacker to perform remote code execution on an affected device or system. Severity level:- CVSS Score: 10.0 / Critical. Description:- The vulnerability has been identified in React Server Components (also known as React.js […]
The Information Security team wants to bring to your immediate attention a phishing email that has been circulating, which appears to originate from a UoT email address. This email is designed to trick recipients into sharing sensitive personal information, including passwords and account details. Please read the information below carefully to protect yourself and our […]
Several waves of phishing emails promoting FAKE jobs leveraging compromised York University users' accounts have been detected. These emails claim to offer recipients a well-paying remote job with no qualifications and link to a Google form that requests personal information. The "job" in question will instruct victims to deposit FAKE cheques through personal bank accounts […]
Scammers are using compromised accounts to send phishing emails to the community to verify their account. Email subject: NOTICE BY ADMIN VERIFY YOUR ACCOUNT!! Please note that York will NEVER request for passwords, Duo passcodes or other personal information via email or Google Form.The Information Security team has taken action to remove the fraudulent messages. […]
A confirmed phishing email with the subject line "Please Verify Your Yorku Account" was sent to a number of mailboxes. Clicking on the provided link will redirect users to an external site hosted on google forms. If you clicked on the link and provided your credentials, please consider your account as compromised. Change your password IMMEDIATELY and notify us […]
Phishing emails containing a QR code with subject line "Salary Increase, Dividend, Compensation Raise, Insurance Plans and Benefit Package Update" were reported. Illustration 1 Illustration 2 The emails are fraudulent and do NOT scan the image. If you scanned the QR code and provided your credentials, this may have allowed hackers to access your account. Change your […]
Scammers are using compromised accounts to send emails with fake job posting looking for Personal Assistant. Please note that York will NEVER request for passwords, Duo passcodes or other personal information via email or Google Form. If you texted the requested information to +1 (215) 828-9264, do NOT accept the DUO PUSH, change your PY password […]
Several waves of phishing emails promoting "money mule" scams leveraging compromised York University users' accounts have been detected. These emails claim to offer recipients a well-paying remote job with no requirements and link to a Google form that requests personal information. The "job" in question is a money mule scheme whereby victims are told to […]
A confirmed phish email with the subject line "York University: Duo Security Appointment Form" was reported. York will NEVER ask the user community to provide their password OR call you to verify your MFA. If you texted the requested information to +1 (215) 828-9264, do NOT accept the DUO PUSH, change your PY password immediately […]