Cybersecurity Contests for Employees

All TMU faculty and staff who are employed as of October 31, 2025 are eligible to participate, with the exception of those in Computing and Communications Services and Administration and Operations Communications.

Throughout Cybersecurity Awareness Month in October, all eligible faculty and staff will be sent fake phishing emails. To participate in the contest, you’ll need to:

1. Report at least three fake phish to spamrec@torontomu.ca using the “forward” function in your email (please do not use the “forward as attachment” option); and
2. Avoid clicking the malicious link in more than two of our fake phish.

Once you’ve fulfilled both these requirements, you’ll be automatically entered into the contest.

TMU receives a number of phishing emails each day that are designed to deceive you into giving away sensitive data like your TMU username and password, credit card number or bank account details.

Many phishing emails include common traits that can make them easy to catch once you learn what they are.

Even though these emails are coming from TMU Computing and Communications Services (CCS), the goal is for you to identify the email and not respond by clicking a link or opening an attachment.

A cybersecurity awareness software will be used to help track the success of employees in learning how to recognize phish and malware emails and report them to CCS. Our goal is to teach everyone how to respond to phishing emails, now and in the future. 

• Your dean/chair/supervisor/manager will not be notified of how or if you interact with these emails. 
• You will be notified immediately with a message on your screen and offered information on how to avoid phishing emails in the future. 
• Your name and results will be kept confidential—this training is designed to help you learn. 

That’s it! If eligible, you’re automatically entered to win! 

Report three malicious emails without following the malicious instructions of more than two, and we’ll automatically enter you to win your choice of an Apple Watch Series 11 or a Google Pixel Watch 4.

Eligible winners will be notified via email by November 30, 2025.

If you do not wish your name to be included in this contest, please complete the  (google form) Employee Phish Reporting Contest Opt-out Form (external link) .

CCS provided all employees an opportunity to opt out of receiving simulated phish from TMU by completing a quiz to demonstrate understanding of cybersecurity best practices. The deadline for completion was September 30, 2025 and the quiz has now closed. For more information about receiving phishing emails, please contact the CCS Help Desk via the IT Help Portal, help@torontomu.ca or 416-979-5000, ext. 556806.

All TMU faculty and staff who are employed as of October 31, 2025 are eligible to participate, with the exception of those in Computing and Communications Services and Administration and Operations Communications.

Complete the Cybersecurity Knowledge Quiz between October 1 and 31, 2025. The quiz is built using Google Forms and you’ll need to be logged in with your TMU account to access the quiz.

• Once you complete the quiz and press the “submit” button, your email address will be automatically recorded.
• If you achieve a passing grade of 80%, you’ll be automatically entered into the contest.
• Of course, in the interest of fairness, you’ll only have one chance to complete the quiz and earn one ballot for the quiz completion.

Important: Don’t forget to click “submit” at the end of the quiz to ensure your entry in the draw! Otherwise, Google Forms will not capture your email or participation.

Please note due to an issue with the quiz, the original question five has been removed. The quiz now includes 11 questions and a passing grade is considered 80% or 9 out of 11 questions answered correctly. 

If you do not wish your name to be included in this contest, please complete the  (google form) Employee Cybersecurity Knowledge Quiz Contest Opt-out Form (external link) .