A resource for individuals external to UHN that have been receiving misleading spam and phishing emails falsely under the guise of 'uhnresearch.ca'.

Phishing is on the rise

Note: this information is relevant for individuals who do not work at UHN and appear to be receiving spam from uhnresearch.ca.

 

The worldwide COVID-19 crisis has seen a surge of misinformation and baseless claims, falsely associated with many leading health-care institutions worldwide. We are aware that some people are receiving fraudulent email communications claiming to be from the UHN Research domain. While the email addresses appear to be associated with our institution, the messages do not originate from UHN Research or any affiliated party. These messages are coming from unknown individuals who are fraudulently using our domain name by masking the “from” address and falsely using ‘uhnresearch.ca’. This is an example of phishing.

 

Image that shows the definition of what phishing is.

You can help protect your data

There are ways we can spot phishing emails and protect our personal information. See the infographic below to learn about characteristics that might indicate a fraudulent email.

 

Image showing the key characteristics of fraudulent emails (ie, vague sender address, urgent message, generic greeting, spelling errors, requests for personal info, no contact info, suspicious links or attachments)

 

If you receive one of these emails, please take the following actions:

  1. Don’t click on suspicious links or offers that are too good to be true. Links may direct you to enter personal information or download malicious software to your computer
  2. Work with your email service provider to reduce the amount of spam you receive
  3. Forward the suspicious email to email-abuse@uhn.ca to help us learn more about the fraudulent emails so we can put an end to this
  4. Mark the email as spam and delete it

 

Image showing the steps you can take to protect yourself against spam and phishing.

 

If you are a UHN patient, volunteer or collaborator and are receiving spam emails, please contact UHN Digital through internal routes. We want to assure you that your data is safe and that if you are receiving these emails, it is most likely a coincidence. Most of the recipients of these spam emails are not associated with uhnresearch.ca in any way.

What emails do we send out?

As a not-for-profit public hospital, we never send mass emails or advertise products or services to patients or the general public. Research at UHN sends out a very small volume of email newsletters to key stakeholders (ie, funding and governmental agencies, members of our boards and committees, and individuals who have signed up to learn about research advancements). For a list of our newsletters, please visit our webpage.

We are taking action

We are very concerned that our domain is being used in this way and we are well underway on a project to centralize our outbound mail through new, more secure channels that will allow your internet service provider to differentiate fraudulent messages from real messages. We are also working with one of the leading commercial providers of email security services to learn more about how our domain names are being misused so we can halt them at the source.

WWW Banner: 

Phishing is on the rise

Note: this information is relevant for individuals who do not work at UHN and appear to be receiving spam from uhnresearch.ca.

 

The worldwide COVID-19 crisis has seen a surge of misinformation and baseless claims, falsely associated with many leading health-care institutions worldwide. We are aware that some people are receiving fraudulent email communications claiming to be from the UHN Research domain. While the email addresses appear to be associated with our institution, the messages do not originate from UHN Research or any affiliated party. These messages are coming from unknown individuals who are fraudulently using our domain name by masking the “from” address and falsely using ‘uhnresearch.ca’. This is an example of phishing.

 

Image that shows the definition of what phishing is.

You can help protect your data

There are ways we can spot phishing emails and protect our personal information. See the infographic below to learn about characteristics that might indicate a fraudulent email.

 

Image showing the key characteristics of fraudulent emails (ie, vague sender address, urgent message, generic greeting, spelling errors, requests for personal info, no contact info, suspicious links or attachments)

 

If you receive one of these emails, please take the following actions:

  1. Don’t click on suspicious links or offers that are too good to be true. Links may direct you to enter personal information or download malicious software to your computer
  2. Work with your email service provider to reduce the amount of spam you receive
  3. Forward the suspicious email to email-abuse@uhn.ca to help us learn more about the fraudulent emails so we can put an end to this
  4. Mark the email as spam and delete it

 

Image showing the steps you can take to protect yourself against spam and phishing.

 

If you are a UHN patient, volunteer or collaborator and are receiving spam emails, please contact UHN Digital through internal routes. We want to assure you that your data is safe and that if you are receiving these emails, it is most likely a coincidence. Most of the recipients of these spam emails are not associated with uhnresearch.ca in any way.

What emails do we send out?

As a not-for-profit public hospital, we never send mass emails or advertise products or services to patients or the general public. Research at UHN sends out a very small volume of email newsletters to key stakeholders (ie, funding and governmental agencies, members of our boards and committees, and individuals who have signed up to learn about research advancements). For a list of our newsletters, please visit our webpage.

We are taking action

We are very concerned that our domain is being used in this way and we are well underway on a project to centralize our outbound mail through new, more secure channels that will allow your internet service provider to differentiate fraudulent messages from real messages. We are also working with one of the leading commercial providers of email security services to learn more about how our domain names are being misused so we can halt them at the source.