Cybersecurity Contests for Students

You’re considered an eligible student for the phishing contest if you’re enrolled in at least one course for the spring/summer 2025, fall 2025 or winter 2026 terms.

Throughout Cybersecurity Awareness Month in October, all eligible students will be sent fake phishing emails. To participate in the contest, you’ll need to:

1. Report at least three fake phish to spamrec@torontomu.ca using the “forward” function in your email (please do not use the “forward as attachment” option); and
2. Avoid clicking the malicious link in more than two of our fake phish.

Once you’ve fulfilled both these requirements, you’ll be automatically entered into the contest.

TMU receives a number of malicious or phishing emails each day that are designed to deceive you into giving away sensitive data like your TMU username and password, credit card number or bank account details.

Many phishing emails include common traits that can make them easy to catch once you learn what they are.

Even though these emails are coming from TMU Computing and Communications Services (CCS), the goal is for you to identify the email and not respond by clicking a link or opening an attachment.

A cybersecurity awareness software will be used to help track the success of students in learning how to recognize phish and malware emails and report them to CCS. Our goal is to teach everyone how to respond to phishing emails, now and in the future. 

• Your name and results will be kept confidential—this training is designed to help you learn. 
• Your professors and TMU administration will not be notified of how or if you interact with these emails.
• You will be notified with a message and offered information on how to avoid phishing emails in the future.

That’s it! If eligible, you’re automatically entered to win! 

Report three malicious emails without following the malicious instructions of more than two, and we’ll automatically enter you to win your choice of an Apple Watch Series 11 or a Google Pixel Watch 4.

Eligible winners will be notified via email by December 12, 2025.

If you do not wish your name to be included in this contest, please complete the  (google form) Student Phish Reporting Contest Opt-out Form (external link) .

CCS provided students an opportunity to opt out of receiving simulated phish from TMU by completing a quiz to demonstrate understanding of cybersecurity best practices. The deadline for completion was September 30, 2025 and the quiz has now closed. For more information about receiving phishing emails, please contact the CCS Help Desk via the IT Help Portal, help@torontomu.ca or 416-979-5000, ext. 556840.

You’re considered an eligible student for the cybersecurity quiz contest if you’re enrolled in at least one course for the fall 2025 term.

Complete the Cybersecurity Knowledge Quiz between October 1 and 31, 2025. The quiz is built using Google Forms and you’ll need to be logged in with your TMU account to access the quiz.

• Once you complete the quiz and press the “submit” button, your email address will be automatically recorded.
• If you achieve a passing grade of 80%, you’ll be automatically entered into the contest.
• Of course, in the interest of fairness, you’ll only have one chance to complete the quiz and earn one ballot for the quiz completion.

Important: Don’t forget to click “submit” at the end of the quiz to ensure your entry in the draw! Otherwise, Google Forms will not capture your email or participation.

Please note due to an issue with the quiz, the original question five has been removed. The quiz now includes 11 questions and a passing grade is considered 80% or 9 out of 11 questions answered correctly. 

If you do not wish your name to be included in this contest, please complete the  (google form) Student Cybersecurity Knowledge Quiz Contest Opt-out Form (external link) .