Skip to main content


Ryerson is receiving an increasing number of "phishing" emails. Phishing emails are designed to deceive you into giving away confidential information like your Ryerson username and password, credit card number or bank account information. This page provides guidance on how to recognize phishing emails so you can report them and delete them.

Common traits of phishing emails:

  • The sender's address is suspicious.
  • The "To" field is blank or for another person.
  • The email includes typos or grammatical errors.
  • The message contains an urgent request for personal information.
  • The message requires immediate action to avoid a problem like losing access to your Ryerson account.
  • When you hover over a link or button in the email, it directs you to an address (usually suspicious) unrelated to the text in the link.
  • We've provided some samples to help you detect phishing emails. Many of these examples are derived from phishing emails that were sent to Ryerson email addresses. The links in these examples have been slightly modified to make them less dangerous but please don't attempt to visit these sites.

Suspicious Senders

Here is an example where the sender is pretending the email is from a ryerson address, but the actual address is really from uniswa.szabc.

Example 1: From: '' <pjmusi@uniswa.szabc>

Here is an example of an email that claims to be from FedEx where the actual address is from specweldfab.revitalsite.comabc.

Example 2: From:	FedEx International Ground <richard.shepherd@specweldfab.revitalsite.comabc>

It’s always worth taking a moment to carefully check the full email address of the sender.

Urgent Requests for Personal Information

Here is part of an urgent request that included a link to a fake Ryerson login page:

Urgent request 1: 'Due to high numbers of inactive library accounts on our server, you are urged to validate your library account within a week after receiving this e-mail'

Here’s another example of an urgent request:

Urgent request 2: We would be shutting down several RYERSON MAIL Accounts. You will have to confirm your RYERSON MAIL Account.
So you are required to provide us with the following information.

Full Name:

Both of these fake messages include tell-tale grammatical errors and demand you take action to avoid losing access to your account.

Suspicious Links

Hovering over a link with your mouse and carefully checking the URL is one of the best ways to detect a phishing email. If you are using a tablet or smartphone carefully press and hold the link, rather than tap, to reveal the true URL. Here's an example of a link that goes to a fake Ryerson login page hosted in a server in another country.

If you hover over the link without clicking you will see a very long URL (it may appear in the bottom-left of your browser) like this:

Suspicious Link with long URL

It may remind you of what you see in the location field of your browser when you log into the portal. But it is not the same. Here is the valid address that you see when you login to

Aside from the fact the fake link is longer, how can you tell which one is a link to a server at Ryerson and which one is not?

  1. The legitimate URL has a forward slash after, the fake one has a forward slash after
  2. Another give away is that the fake URL starts with http:// while the valid one starts with https://. Ryerson login pages will always start with the secure https://

Here is fake URL that has been well-crafted to look like a Ryerson address:

Notice how a hyphen has replaced the dot. A valid Ryerson host name that isn’t simply must end with

Let's look at two fedex URLs. Which one takes you to a Fedex site and which one to somewhere more dangerous?


To tell the difference, locate the first forward slash after the https://:


The first link takes you to the real site. The second just has fedex in the name.

If you aren't sure about a link, type a link that you know is correct like or into the location bar of your browser instead of clicking.

What About Google Apps Links?

The Ryerson community makes extensive use of Google Apps including Drive, Calendar, and Groups. The URLs for these applications can be very long but they all start with a host name that ends with


The host name always ends before the first forward slash with

Some attackers have used personal Google accounts and Google Forms to try to get people to "login" to a Google Form. This is relatively easy to spot because Google Forms don't look like Ryerson's or Google's login screens. Google has even added a warning at the bottom of every Google Form that says: "Never submit passwords through Google Forms."

To Report a Phishing Email




Phone icon416-979-5000 x6840


Maps iconKerr Hall West, Room 71


Phone iconx6806


More iconMore help options