Notice to vendors: Fraud alert

Toronto Metropolitan University (TMU)’s Procurement and Payment Services has been informed of attempted fraudulent activity in which vendors are being contacted by someone impersonating a TMU employee and requesting participation in upcoming TMU projects. 

The TMU Financial Services team and Information Security team are aware of this attempted fraud and are taking actions to address it.

How you can tell a request is fake phishing attempt

When malicious actors impersonate TMU employees via phishing emails, the fraudulent sender’s email address is often very similar to an official ryerson.ca email address but differs slightly. For example, a fake university email address may end with ryersonca.com or procurement@torontomu-edu.ca. 

Please note that all legitimate email communications from TMU end with the “@torontomu.ca” domain name.

What should you do? 

It is strongly recommended that prior to responding to any email from TMU, vendors should confirm that the sender’s email address ends with @torontomu.ca. Alternatively, you can verify the sender’s TMU email address by visiting torontomu.ca/contact and searching their name.

If you receive an email that you suspect to be a fraudulent phishing email, please forward the message to TMU’s Information System Security Officer at isso@torontomu.ca and report it to Computing and Communications Services (CCS) by forwarding the email to spamrec@torontomu.ca. 

Thank you for your cooperation and vigilance to keep both TMU and your organization safe online.