How can I differentiate between legitimate notices from U of T and possible phishing emails?

While the U of T ITS will be sending out legitimate notices to community members regarding their email accounts, it is important to remember that malicious actors often disguise fraudulent emails as email upgrade notices. Please know that U of T will never ask you to divulge your passwords to gain access to any accounts or systems. 

For this reason, legitimate ineligible email shut down notices will always meet the following criteria:   

  • Notices will be sent from a U of T departmental email address, a U of T listserv or your local IT staff (if applicable).   
  • Notices will indicate which unit or department of the University you can contact for more information.   
  • Notices will NOT ask you to upgrade an eligible email account by:   
    • Responding to an unsolicited email with personal information.   
    • Opening an email attachment.   
    • Clicking on a button embedded in an email, or a link in an email that conceals its destination (such as links that say “click here “).
    • Sending a text/SMS message.  

Please refer to our Knowledge base article for the text of legitimate messages.

If you receive a notice that does not meet these criteria, do not respond to it or click on any links it contains. Forward it on to the Information Security team at and then delete the email. 

Reminder: The University of Toronto will never ask you to divulge your passwords to its staff to access systems. 

For more information on phishing and protecting yourself online, please see Information Security’s Security Matters website. 

This entry was posted in . Bookmark the permalink.