Notice to vendors: Fraud alert
Toronto Metropolitan University (TMU)’s Procurement and Payment Services has been informed of attempted fraudulent activity in which vendors are being contacted by someone impersonating a TMU employee and requesting participation in upcoming TMU projects.
The TMU Financial Services team and Information Security team are aware of this attempted fraud and are taking actions to address it.
How you can tell a request is a fake phishing attempt
When malicious actors impersonate TMU employees via phishing emails, the fraudulent sender’s email address is often very similar to an official torontomu.ca email address but differs slightly or uses outdated references to a “Ryerson” email address. For example, a fake university email address may end with torontomu.com, procurement@torontomu-edu.ca or ryersonu.ca.
Please note that all legitimate email communications from TMU end with the “@torontomu.ca” domain name.
What should you do?
It is strongly recommended that prior to responding to any email from TMU, vendors should confirm that the sender’s email address ends with @torontomu.ca. Alternatively, you can verify the sender’s TMU email address by visiting torontomu.ca/contact and searching their name.
If you receive an email that you suspect to be a fraudulent phishing email, please report it to Computing and Communications Services (CCS) by forwarding the email to spamrec@torontomu.ca.
Thank you for your cooperation and vigilance to keep both TMU and your organization safe online.