This phish mentions phishing to trick you into thinking it’s a legitimate email.
However, it goes to a URL that is clearly not a Microsoft site. Notice how the word “Password” has been changed to use special characters to avoid detection by automatic scanners.
The UVic email system did not add the “From a trusted sender” banner. The phisher added this fake banner to make the message look legitimate.
University Systems has received reports of multiple blackmail-related emails targeting UVic users. The email is a blackmail or extortion attempt which includes a previously-used password and threatens that potentially embarrassing information will be disclosed if the fee is not paid, in a certain amount of time. The tone and content of the email is frightening, but the threat is not credible. The senders of the phishing message retrieved the disclosed password by data-mining past breaches of accounts associated with other services such as Facebook, Twitter, Yahoo, LinkedIn and Adobe.
If you have received one of these emails, here are some steps you can take to protect yourself:
This phishing attack mimicked the login page for the UVic Computer Help Desk.
