Sometimes organizations ‘quarantine’ email messages that might be suspicious, allowing the end user to review before releasing them to the user’s mailbox. This phish tries to fool the user into thinking they have messages that need to be released from that quarantine.
In this case, the fake login page was hosted on the Google Firebase storage service. The attacker used the UVic martlet image to try to fool users into thinking this is a legitimate UVic service, which it’s not.
