You are now in the main content area

Phishing

With your help, Ryerson can minimize online threats.

Phishing emails are designed to deceive you into:

  • Clicking a link and entering personal details like your Ryerson username and password;
  • Giving away personal details like your credit card or bank account numbers; 
  • Opening an attachment and installing malicious software; or
  • Impersonating someone in attempt to commit fraud with your help.

Each month, our university fields 1,500 increasingly convincing phishing emails attempting to target students, faculty and staff.

What to do with a phish

Step 1:
Keep yourself safe

Avoid clicking links or opening attachments provided in the phishing email.

Step 2:
Keep your community safe

Report the phish by forwarding it to spamrec@ryerson.ca.

If you aren’t sure it’s a phish, report it anyway and we’ll check it out. Find more on how to catch a phish and how to report a phish.

How to catch a phish

Protect yourself by knowing how to recognize phishing attempts so you can report and delete them.

  • The sender's address is suspicious.
  • The To field is blank or for another person.
  • The email includes typos or grammatical errors.
  • The message contains an urgent request for personal information.
  • The message requires immediate action to avoid a problem like losing access to your Ryerson account.
  • When you hover over a link or button in the email, it directs you to an address (usually suspicious) unrelated to the text in the link.
  • We've provided some samples to help you detect phishing emails. Many of these examples are derived from phishing emails that were sent to Ryerson email addresses. The links in these examples have been slightly modified to make them less dangerous but please don't attempt to visit these sites.

Here is an example where the sender is pretending the email is from a ryerson address, but the actual address is really from uniswa.szabc.

Email sender appears as 'no-reply@ryerson.ca' but next to it, you find that it's from 'pjmusi@uniswa.szabc'

Here is an example of an email that claims to be from FedEx where the actual address is from specweldfab.revitalsite.comabc.

Email sender field states 'FedEx International Ground' however, to the right you will find the actual address of 'richard.shepherd@specweldfab.revitalsite.comabc'

It’s always worth taking a moment to carefully check the full email address of the sender.

Here is part of an urgent request that included a link to a fake Ryerson login page:

Phishing email stating, 'Due to high numbers of inactive library accounts on our server, you are urged to validate your library account within a week after receiving this e-mail'

Here’s another example of an urgent request:

Phishing email stating, 'We would be shutting down several RYERSON MAIL Accounts. You will have to confirm your RYERSON MAIL Account. So you are required to provide us with the following information.  Full Name: Username: Password: Telephone'

Both of these fake messages include tell-tale grammatical errors and demand you take action to avoid losing access to your account.

How to report a phish

If you think you’ve received a phishing email:

Forward the email to spamrec@ryerson.ca using the “forward” function.

Delete the email from your mailbox without clicking on any links or attachments.

Tip: Avoid using the “Report phishing” option that’s built into the Ryerson Gmail platform. Forwarding the phish to spamrec@ryerson.ca ensures you’re reporting it directly to us so we can stop it from reaching others at the university.