Phishing & Email Attachments

Published on: October 28, 2016

Email attachments are a common way of passing malware which expose users to potential data loss. Information Technology Services has the existing practice of adding -utCAUTION! to .zip email attachments coming from outside of the University to U of T email. This practice is in place to provide users with a warning in the event the file is malicious and allow users to take pause before opening an unknown or unwelcome attachment. This is a common practice to decrease the chances of malware being automatically installed via email attachment downloads.

This same practice has been expanded to more filenames since July of this year.  When U of T email users receive an attachment in their email from outside the university, attachment filenames  *.zip, *.docm, *.xlsm, and *.pptm, will be renamed by appending -utCAUTION!

In order to open the file, the user will have to rename the file after saving it to their desktop by removing the appending -utCAUTION!. 

Information Technology Services advises users to only open email attachments if they are specifically expecting them within the context of the message or work related operations. If the attachment is suspicious or unexpected, it is best to compose a new email to the sender and verify what they have attached and for what purpose.

Always scrutinize suspicious emails by following the 9 tell-tale signs of a phishing email. Think before you click!

Follow the Campaign: http://uoft.me/cyberaware