This targeted phish claims to come from UVic, but the sender address is external, which is a warning sign. Depending on what mail app you use and how you’ve configured it, you might see the UVic wordmark at the top of the message. Phishers often copy the branding of the organization they are trying to impersonate to make the phishing email look like it’s legitimate.
There are also other red flags in the message text:
- It instills a false sense of urgency by claiming there are important messages that have not reached you
- There are a couple of errors or typos, most notably the spelling error in “Usser”
- If you hover over the link, you will see it does not go to www.uvic.ca
Always evaluate whether the message could be phish before clicking the link. The factors described above indicate this link is not safe. Clicking on the link to determine whether it is legitimate is a bad idea; the link could lead to malware, or it could go to a phish site that closely imitates the real login page. The latter is the case for this phish–the link leads to a replica of the real UVic login page.
