This phish tries to trick the user into thinking they broke the law or violated policy:
It redirects to a phish page complete with UVic Edge branding, logos, and terminology. While it looks pretty and official, it’s certainly phishing.
Once you enter your NetLink ID and password, it presents you with a nice Thank You page:
Sometimes an email will look like it came from a legitimate sender, but in reality the sender email was faked. This is called email spoofing, and the phish below gives a good example of that. Here, the phisher spoofed distributions@grants.gov, but a close look at the mail headers revealed that it did not come from grants.gov and replies to the message would actually be sent to a different, very suspicious-looking address.
This carefully-crafted spear phish for the most part looks like it could have been written by Jamie Cassels–but of course it wasn’t. One of my colleagues found that the phisher actually copied much of the wording from an April 22 open letter from the president of McMaster University.
If you recall opening the attached PDF, please contact your departmental support staff or the Computer Help Desk as soon as possible.
The CRA has a reference page on how to recognize scams here: https://www.canada.ca/en/revenue-agency/corporate/security/protect-yourself-against-fraud.html
This con is a pure social engineering relying on fear alone and not utilizing any technical means or knowledge.
