Malicious actors constantly try different methods to trick users. This phish was received by a large number of UVic email accounts and was sent from a compromised account at another Canadian university. Rather than sending a link to click on, it lures people to text a number, that locals will recognize as typically Vancouver area code.
A text to the number will eventually result in a shortened URL that leads to a UVic looking login page to steal credentials if entered. After entering credentials, the page redirected to uvic.ca. The host URL has also hosted a fake login page from the other Canadian university; showing how malicious actors take successful results from one campaign and use it to spread to others to get more accounts.
