This phish comes with a relatively innocent subject suggesting you were sent files by “wetransfer” (a free file exchange platform). It contains a “Get your files” button and a separate “download link” which on screen seems to point to wetransfer.com.
What’s really dangerous about this phish is that both the button and the download link in fact point to a malicious site which has nothing to do neither with wetransfer, nor with UVic. The actual URL (pointed by the red arrow in the screenshot below) can be seen if you hover the mouse cursor over the link. That site contains a copy of the main UVic page and asks you to login with your UVic credentials. It looks so real that you may forgot what was the initial email about and you may forgot to check the address in the address bar.
——————————————————————————————-
And below is how the fake UVic page looks like. Note the malicious site address in the address bar. As always – we suggest not to be curious and not to click on such links even for a quick look. Some of them may contain malware and infect your machine almost instantly. Our experts open those in dedicated isolated environments.
