As always, don’t rush to click on the link; you should hover over it first to see where it goes. This one goes to a page on a free website builder, which is a sure sign this upgrade notice isn’t legitimate.

Notice the note at the end saying “This message has been scanned for malware”. That should not be interpreted as a sign the email is safe; the phisher could have faked that text.

New Shared_Document_ 0DFDA1C6

This phish tries to trick you into clicking the link by claiming to be an important document from management and HR (note the inclusion of in the sender display name). The actual sender email address is not from UVic but uses a suspicious domain that is trying to pose as SharePoint. Hovering over the link would show that the link goes to neither UVic nor Microsoft SharePoint.

Payment for invoice#52190 is due today [Malware]

The purported invoice attachment in this email is a .img file. You might be tempted to think the file is an image (that is, a picture), but .img files are actually disk images, which means they can contain other files. This particular example contains a malicious program.

If you receive an email with a suspicious attachment, do not forward it as is, even to report it or warn other people. Doing so leaves the attachment exposed where someone could accidentally click on it. If you want to safely report it to your departmental support staff or the Computer Help Desk, forward the email as an attachment instead, or better yet, use the Report Phishing button if you have it.

System Administrator

Another typical generic phish pretending to be a Microsoft Exchange alert. Emails threatening to close your account if you do not click the link in a short period of time are a common sign of a phish (legitimate account closure warnings would give you much more advance notice, usually weeks or months). In this case, the phishy nature of the link is also on clear display.